From f73dd05a0487d95ecc5df6c8a337e7fc49573bfb Mon Sep 17 00:00:00 2001 From: "kumahq[bot]" <110050114+kumahq[bot]@users.noreply.github.com> Date: Tue, 19 Dec 2023 15:34:55 +0000 Subject: [PATCH] chore(deps): update docs from repo source 
Signed-off-by: kumahq[bot] <110050114+kumahq[bot]@users.noreply.github.com> --- .../raw/crds/kuma.io_circuitbreakers.yaml | 45 + .../raw/crds/kuma.io_containerpatches.yaml | 110 + .../raw/crds/kuma.io_dataplaneinsights.yaml | 45 + .../2.1.x/raw/crds/kuma.io_dataplanes.yaml | 45 + .../raw/crds/kuma.io_externalservices.yaml | 45 + .../raw/crds/kuma.io_faultinjections.yaml | 45 + .../2.1.x/raw/crds/kuma.io_healthchecks.yaml | 45 + .../raw/crds/kuma.io_meshaccesslogs.yaml | 281 +++ .../raw/crds/kuma.io_meshcircuitbreakers.yaml | 652 +++++ app/assets/2.1.x/raw/crds/kuma.io_meshes.yaml | 45 + .../raw/crds/kuma.io_meshfaultinjections.yaml | 189 ++ .../raw/crds/kuma.io_meshgatewayconfigs.yaml | 152 ++ .../crds/kuma.io_meshgatewayinstances.yaml | 279 +++ .../raw/crds/kuma.io_meshgatewayroutes.yaml | 45 + .../2.1.x/raw/crds/kuma.io_meshgateways.yaml | 45 + .../raw/crds/kuma.io_meshhealthchecks.yaml | 303 +++ .../raw/crds/kuma.io_meshhttproutes.yaml | 403 ++++ .../2.1.x/raw/crds/kuma.io_meshinsights.yaml | 45 + .../raw/crds/kuma.io_meshproxypatches.yaml | 343 +++ .../raw/crds/kuma.io_meshratelimits.yaml | 227 ++ .../2.1.x/raw/crds/kuma.io_meshretries.yaml | 362 +++ .../2.1.x/raw/crds/kuma.io_meshtimeouts.yaml | 243 ++ .../2.1.x/raw/crds/kuma.io_meshtraces.yaml | 201 ++ .../crds/kuma.io_meshtrafficpermissions.yaml | 125 + .../raw/crds/kuma.io_proxytemplates.yaml | 45 + .../2.1.x/raw/crds/kuma.io_ratelimits.yaml | 45 + .../2.1.x/raw/crds/kuma.io_retries.yaml | 45 + .../raw/crds/kuma.io_serviceinsights.yaml | 45 + .../2.1.x/raw/crds/kuma.io_timeouts.yaml | 45 + .../2.1.x/raw/crds/kuma.io_trafficlogs.yaml | 45 + .../raw/crds/kuma.io_trafficpermissions.yaml | 45 + .../2.1.x/raw/crds/kuma.io_trafficroutes.yaml | 45 + .../2.1.x/raw/crds/kuma.io_traffictraces.yaml | 45 + .../raw/crds/kuma.io_virtualoutbounds.yaml | 45 + .../2.1.x/raw/crds/kuma.io_zoneegresses.yaml | 45 + .../raw/crds/kuma.io_zoneegressinsights.yaml | 45 + .../2.1.x/raw/crds/kuma.io_zoneingresses.yaml | 45 + 
.../raw/crds/kuma.io_zoneingressinsights.yaml | 46 + .../2.1.x/raw/crds/kuma.io_zoneinsights.yaml | 45 + app/assets/2.1.x/raw/crds/kuma.io_zones.yaml | 45 + app/assets/2.1.x/raw/helm-values.yaml | 718 ++++++ app/assets/2.1.x/raw/kuma-cp.yaml | 577 +++++ .../protos/CertificateAuthorityBackend.json | 98 + .../2.1.x/raw/protos/CircuitBreaker.json | 198 ++ .../2.1.x/raw/protos/ClustersRequest.json | 30 + .../2.1.x/raw/protos/ClustersResponse.json | 28 + .../protos/DatadogTracingBackendConfig.json | 25 + app/assets/2.1.x/raw/protos/Dataplane.json | 329 +++ .../2.1.x/raw/protos/DataplaneInsight.json | 232 ++ .../2.1.x/raw/protos/DataplaneOverview.json | 571 +++++ .../raw/protos/DiscoveryServiceStats.json | 26 + .../raw/protos/DiscoverySubscription.json | 179 ++ .../protos/DiscoverySubscriptionStatus.json | 64 + app/assets/2.1.x/raw/protos/EnvoyAdmin.json | 17 + app/assets/2.1.x/raw/protos/EnvoyVersion.json | 26 + .../2.1.x/raw/protos/ExternalService.json | 107 + .../2.1.x/raw/protos/FaultInjection.json | 126 + .../raw/protos/FileLoggingBackendConfig.json | 18 + app/assets/2.1.x/raw/protos/HealthCheck.json | 212 ++ app/assets/2.1.x/raw/protos/HttpMethod.json | 34 + .../2.1.x/raw/protos/KumaDpVersion.json | 34 + app/assets/2.1.x/raw/protos/KumaResource.json | 49 + app/assets/2.1.x/raw/protos/Logging.json | 49 + .../2.1.x/raw/protos/LoggingBackend.json | 31 + app/assets/2.1.x/raw/protos/Mesh.json | 379 +++ app/assets/2.1.x/raw/protos/MeshGateway.json | 204 ++ .../2.1.x/raw/protos/MeshGatewayRoute.json | 434 ++++ app/assets/2.1.x/raw/protos/MeshInsight.json | 153 ++ app/assets/2.1.x/raw/protos/Message.json | 789 +++++++ app/assets/2.1.x/raw/protos/Metrics.json | 46 + .../2.1.x/raw/protos/MetricsBackend.json | 27 + app/assets/2.1.x/raw/protos/Networking.json | 32 + .../PrometheusAggregateMetricsConfig.json | 35 + .../raw/protos/PrometheusEnvoyConfig.json | 23 + .../PrometheusMetricsBackendConfig.json | 92 + .../2.1.x/raw/protos/ProxyTemplate.json | 339 +++ 
.../protos/ProxyTemplateProfileSource.json | 24 + .../raw/protos/ProxyTemplateRawResource.json | 25 + .../raw/protos/ProxyTemplateRawSource.json | 39 + .../2.1.x/raw/protos/ProxyTemplateSource.json | 78 + app/assets/2.1.x/raw/protos/RateLimit.json | 120 + app/assets/2.1.x/raw/protos/Retry.json | 224 ++ app/assets/2.1.x/raw/protos/Routing.json | 22 + app/assets/2.1.x/raw/protos/Selector.json | 21 + .../2.1.x/raw/protos/ServiceInsight.json | 100 + app/assets/2.1.x/raw/protos/StatsRequest.json | 30 + .../2.1.x/raw/protos/StatsResponse.json | 28 + .../raw/protos/TcpLoggingBackendConfig.json | 18 + app/assets/2.1.x/raw/protos/Timeout.json | 138 ++ app/assets/2.1.x/raw/protos/Tracing.json | 51 + .../2.1.x/raw/protos/TracingBackend.json | 32 + app/assets/2.1.x/raw/protos/TrafficLog.json | 60 + .../2.1.x/raw/protos/TrafficPermission.json | 43 + app/assets/2.1.x/raw/protos/TrafficRoute.json | 390 +++ app/assets/2.1.x/raw/protos/TrafficTrace.json | 53 + app/assets/2.1.x/raw/protos/Version.json | 79 + .../2.1.x/raw/protos/VirtualOutbound.json | 78 + .../2.1.x/raw/protos/XDSConfigRequest.json | 30 + .../2.1.x/raw/protos/XDSConfigResponse.json | 28 + .../protos/ZipkinTracingBackendConfig.json | 30 + app/assets/2.1.x/raw/protos/ZoneEgress.json | 54 + .../2.1.x/raw/protos/ZoneEgressInsight.json | 194 ++ .../2.1.x/raw/protos/ZoneEgressOverview.json | 258 ++ app/assets/2.1.x/raw/protos/ZoneIngress.json | 95 + .../2.1.x/raw/protos/ZoneIngressInsight.json | 194 ++ .../2.1.x/raw/protos/ZoneIngressOverview.json | 299 +++ .../raw/crds/kuma.io_circuitbreakers.yaml | 45 + .../raw/crds/kuma.io_containerpatches.yaml | 110 + .../raw/crds/kuma.io_dataplaneinsights.yaml | 45 + .../2.2.x/raw/crds/kuma.io_dataplanes.yaml | 45 + .../raw/crds/kuma.io_externalservices.yaml | 45 + .../raw/crds/kuma.io_faultinjections.yaml | 45 + .../2.2.x/raw/crds/kuma.io_healthchecks.yaml | 45 + .../raw/crds/kuma.io_meshaccesslogs.yaml | 327 +++ .../raw/crds/kuma.io_meshcircuitbreakers.yaml | 652 +++++ 
app/assets/2.2.x/raw/crds/kuma.io_meshes.yaml | 45 + .../raw/crds/kuma.io_meshfaultinjections.yaml | 189 ++ .../raw/crds/kuma.io_meshgatewayconfigs.yaml | 204 ++ .../crds/kuma.io_meshgatewayinstances.yaml | 331 +++ .../raw/crds/kuma.io_meshgatewayroutes.yaml | 45 + .../2.2.x/raw/crds/kuma.io_meshgateways.yaml | 45 + .../raw/crds/kuma.io_meshhealthchecks.yaml | 303 +++ .../raw/crds/kuma.io_meshhttproutes.yaml | 497 ++++ .../2.2.x/raw/crds/kuma.io_meshinsights.yaml | 45 + .../kuma.io_meshloadbalancingstrategies.yaml | 415 ++++ .../raw/crds/kuma.io_meshproxypatches.yaml | 504 ++++ .../raw/crds/kuma.io_meshratelimits.yaml | 227 ++ .../2.2.x/raw/crds/kuma.io_meshretries.yaml | 397 ++++ .../2.2.x/raw/crds/kuma.io_meshtimeouts.yaml | 243 ++ .../2.2.x/raw/crds/kuma.io_meshtraces.yaml | 213 ++ .../crds/kuma.io_meshtrafficpermissions.yaml | 125 + .../raw/crds/kuma.io_proxytemplates.yaml | 45 + .../2.2.x/raw/crds/kuma.io_ratelimits.yaml | 45 + .../2.2.x/raw/crds/kuma.io_retries.yaml | 45 + .../raw/crds/kuma.io_serviceinsights.yaml | 45 + .../2.2.x/raw/crds/kuma.io_timeouts.yaml | 45 + .../2.2.x/raw/crds/kuma.io_trafficlogs.yaml | 45 + .../raw/crds/kuma.io_trafficpermissions.yaml | 45 + .../2.2.x/raw/crds/kuma.io_trafficroutes.yaml | 45 + .../2.2.x/raw/crds/kuma.io_traffictraces.yaml | 45 + .../raw/crds/kuma.io_virtualoutbounds.yaml | 45 + .../2.2.x/raw/crds/kuma.io_zoneegresses.yaml | 45 + .../raw/crds/kuma.io_zoneegressinsights.yaml | 45 + .../2.2.x/raw/crds/kuma.io_zoneingresses.yaml | 45 + .../raw/crds/kuma.io_zoneingressinsights.yaml | 46 + .../2.2.x/raw/crds/kuma.io_zoneinsights.yaml | 45 + app/assets/2.2.x/raw/crds/kuma.io_zones.yaml | 45 + app/assets/2.2.x/raw/helm-values.yaml | 709 ++++++ app/assets/2.2.x/raw/kuma-cp.yaml | 667 ++++++ .../protos/CertificateAuthorityBackend.json | 98 + .../2.2.x/raw/protos/CircuitBreaker.json | 198 ++ .../2.2.x/raw/protos/ClustersRequest.json | 30 + .../2.2.x/raw/protos/ClustersResponse.json | 28 + 
.../protos/DatadogTracingBackendConfig.json | 25 + app/assets/2.2.x/raw/protos/Dataplane.json | 329 +++ .../2.2.x/raw/protos/DataplaneInsight.json | 232 ++ .../2.2.x/raw/protos/DataplaneOverview.json | 571 +++++ .../raw/protos/DiscoveryServiceStats.json | 26 + .../raw/protos/DiscoverySubscription.json | 179 ++ .../protos/DiscoverySubscriptionStatus.json | 64 + app/assets/2.2.x/raw/protos/EnvoyAdmin.json | 17 + app/assets/2.2.x/raw/protos/EnvoyVersion.json | 26 + .../2.2.x/raw/protos/ExternalService.json | 107 + .../2.2.x/raw/protos/FaultInjection.json | 126 + .../raw/protos/FileLoggingBackendConfig.json | 18 + app/assets/2.2.x/raw/protos/HealthCheck.json | 212 ++ app/assets/2.2.x/raw/protos/HttpMethod.json | 34 + .../2.2.x/raw/protos/KumaDpVersion.json | 34 + app/assets/2.2.x/raw/protos/KumaResource.json | 49 + app/assets/2.2.x/raw/protos/Logging.json | 49 + .../2.2.x/raw/protos/LoggingBackend.json | 31 + app/assets/2.2.x/raw/protos/Mesh.json | 379 +++ app/assets/2.2.x/raw/protos/MeshGateway.json | 198 ++ .../2.2.x/raw/protos/MeshGatewayRoute.json | 442 ++++ app/assets/2.2.x/raw/protos/MeshInsight.json | 153 ++ app/assets/2.2.x/raw/protos/Message.json | 789 +++++++ app/assets/2.2.x/raw/protos/Metrics.json | 46 + .../2.2.x/raw/protos/MetricsBackend.json | 27 + app/assets/2.2.x/raw/protos/Networking.json | 32 + .../PrometheusAggregateMetricsConfig.json | 35 + .../raw/protos/PrometheusEnvoyConfig.json | 23 + .../PrometheusMetricsBackendConfig.json | 92 + .../2.2.x/raw/protos/ProxyTemplate.json | 339 +++ .../protos/ProxyTemplateProfileSource.json | 24 + .../raw/protos/ProxyTemplateRawResource.json | 25 + .../raw/protos/ProxyTemplateRawSource.json | 39 + .../2.2.x/raw/protos/ProxyTemplateSource.json | 78 + app/assets/2.2.x/raw/protos/RateLimit.json | 120 + app/assets/2.2.x/raw/protos/Retry.json | 224 ++ app/assets/2.2.x/raw/protos/Routing.json | 22 + app/assets/2.2.x/raw/protos/Selector.json | 21 + .../2.2.x/raw/protos/ServiceInsight.json | 100 + 
app/assets/2.2.x/raw/protos/StatsRequest.json | 30 + .../2.2.x/raw/protos/StatsResponse.json | 28 + .../raw/protos/TcpLoggingBackendConfig.json | 18 + app/assets/2.2.x/raw/protos/Timeout.json | 138 ++ app/assets/2.2.x/raw/protos/Tracing.json | 51 + .../2.2.x/raw/protos/TracingBackend.json | 32 + app/assets/2.2.x/raw/protos/TrafficLog.json | 60 + .../2.2.x/raw/protos/TrafficPermission.json | 43 + app/assets/2.2.x/raw/protos/TrafficRoute.json | 390 +++ app/assets/2.2.x/raw/protos/TrafficTrace.json | 53 + app/assets/2.2.x/raw/protos/Version.json | 79 + .../2.2.x/raw/protos/VirtualOutbound.json | 78 + .../2.2.x/raw/protos/XDSConfigRequest.json | 30 + .../2.2.x/raw/protos/XDSConfigResponse.json | 28 + .../protos/ZipkinTracingBackendConfig.json | 30 + app/assets/2.2.x/raw/protos/ZoneEgress.json | 54 + .../2.2.x/raw/protos/ZoneEgressInsight.json | 194 ++ .../2.2.x/raw/protos/ZoneEgressOverview.json | 258 ++ app/assets/2.2.x/raw/protos/ZoneIngress.json | 95 + .../2.2.x/raw/protos/ZoneIngressInsight.json | 194 ++ .../2.2.x/raw/protos/ZoneIngressOverview.json | 299 +++ .../raw/crds/kuma.io_circuitbreakers.yaml | 44 + .../raw/crds/kuma.io_containerpatches.yaml | 109 + .../raw/crds/kuma.io_dataplaneinsights.yaml | 44 + .../2.3.x/raw/crds/kuma.io_dataplanes.yaml | 64 + .../raw/crds/kuma.io_externalservices.yaml | 44 + .../raw/crds/kuma.io_faultinjections.yaml | 44 + .../2.3.x/raw/crds/kuma.io_healthchecks.yaml | 44 + .../raw/crds/kuma.io_meshaccesslogs.yaml | 370 +++ .../raw/crds/kuma.io_meshcircuitbreakers.yaml | 651 +++++ app/assets/2.3.x/raw/crds/kuma.io_meshes.yaml | 44 + .../raw/crds/kuma.io_meshfaultinjections.yaml | 188 ++ .../raw/crds/kuma.io_meshgatewayconfigs.yaml | 204 ++ .../crds/kuma.io_meshgatewayinstances.yaml | 331 +++ .../raw/crds/kuma.io_meshgatewayroutes.yaml | 44 + .../2.3.x/raw/crds/kuma.io_meshgateways.yaml | 44 + .../raw/crds/kuma.io_meshhealthchecks.yaml | 302 +++ .../raw/crds/kuma.io_meshhttproutes.yaml | 501 ++++ 
.../2.3.x/raw/crds/kuma.io_meshinsights.yaml | 44 + .../kuma.io_meshloadbalancingstrategies.yaml | 414 ++++ .../raw/crds/kuma.io_meshproxypatches.yaml | 503 ++++ .../raw/crds/kuma.io_meshratelimits.yaml | 226 ++ .../2.3.x/raw/crds/kuma.io_meshretries.yaml | 396 ++++ .../2.3.x/raw/crds/kuma.io_meshtcproutes.yaml | 165 ++ .../2.3.x/raw/crds/kuma.io_meshtimeouts.yaml | 242 ++ .../2.3.x/raw/crds/kuma.io_meshtraces.yaml | 220 ++ .../crds/kuma.io_meshtrafficpermissions.yaml | 124 + .../raw/crds/kuma.io_proxytemplates.yaml | 44 + .../2.3.x/raw/crds/kuma.io_ratelimits.yaml | 44 + .../2.3.x/raw/crds/kuma.io_retries.yaml | 44 + .../raw/crds/kuma.io_serviceinsights.yaml | 44 + .../2.3.x/raw/crds/kuma.io_timeouts.yaml | 44 + .../2.3.x/raw/crds/kuma.io_trafficlogs.yaml | 44 + .../raw/crds/kuma.io_trafficpermissions.yaml | 44 + .../2.3.x/raw/crds/kuma.io_trafficroutes.yaml | 44 + .../2.3.x/raw/crds/kuma.io_traffictraces.yaml | 44 + .../raw/crds/kuma.io_virtualoutbounds.yaml | 44 + .../2.3.x/raw/crds/kuma.io_zoneegresses.yaml | 44 + .../raw/crds/kuma.io_zoneegressinsights.yaml | 44 + .../2.3.x/raw/crds/kuma.io_zoneingresses.yaml | 44 + .../raw/crds/kuma.io_zoneingressinsights.yaml | 45 + .../2.3.x/raw/crds/kuma.io_zoneinsights.yaml | 44 + app/assets/2.3.x/raw/crds/kuma.io_zones.yaml | 44 + app/assets/2.3.x/raw/helm-values.yaml | 717 ++++++ app/assets/2.3.x/raw/kuma-cp.yaml | 694 ++++++ .../protos/CertificateAuthorityBackend.json | 98 + .../2.3.x/raw/protos/CircuitBreaker.json | 198 ++ .../2.3.x/raw/protos/ClustersRequest.json | 30 + .../2.3.x/raw/protos/ClustersResponse.json | 28 + .../protos/DatadogTracingBackendConfig.json | 25 + app/assets/2.3.x/raw/protos/Dataplane.json | 329 +++ .../2.3.x/raw/protos/DataplaneInsight.json | 232 ++ .../2.3.x/raw/protos/DataplaneOverview.json | 571 +++++ .../raw/protos/DiscoveryServiceStats.json | 26 + .../raw/protos/DiscoverySubscription.json | 179 ++ .../protos/DiscoverySubscriptionStatus.json | 64 + 
app/assets/2.3.x/raw/protos/EnvoyAdmin.json | 17 + app/assets/2.3.x/raw/protos/EnvoyVersion.json | 26 + .../2.3.x/raw/protos/ExternalService.json | 107 + .../2.3.x/raw/protos/FaultInjection.json | 126 + .../raw/protos/FileLoggingBackendConfig.json | 18 + app/assets/2.3.x/raw/protos/HealthCheck.json | 212 ++ app/assets/2.3.x/raw/protos/HttpMethod.json | 34 + .../2.3.x/raw/protos/KumaDpVersion.json | 34 + app/assets/2.3.x/raw/protos/KumaResource.json | 49 + app/assets/2.3.x/raw/protos/Logging.json | 49 + .../2.3.x/raw/protos/LoggingBackend.json | 31 + app/assets/2.3.x/raw/protos/Mesh.json | 386 +++ app/assets/2.3.x/raw/protos/MeshGateway.json | 202 ++ .../2.3.x/raw/protos/MeshGatewayRoute.json | 442 ++++ app/assets/2.3.x/raw/protos/MeshInsight.json | 153 ++ app/assets/2.3.x/raw/protos/Message.json | 789 +++++++ app/assets/2.3.x/raw/protos/Metrics.json | 46 + .../2.3.x/raw/protos/MetricsBackend.json | 27 + app/assets/2.3.x/raw/protos/Networking.json | 32 + .../PrometheusAggregateMetricsConfig.json | 35 + .../raw/protos/PrometheusEnvoyConfig.json | 23 + .../PrometheusMetricsBackendConfig.json | 92 + .../2.3.x/raw/protos/ProxyTemplate.json | 339 +++ .../protos/ProxyTemplateProfileSource.json | 24 + .../raw/protos/ProxyTemplateRawResource.json | 25 + .../raw/protos/ProxyTemplateRawSource.json | 39 + .../2.3.x/raw/protos/ProxyTemplateSource.json | 78 + app/assets/2.3.x/raw/protos/RateLimit.json | 120 + app/assets/2.3.x/raw/protos/Retry.json | 224 ++ app/assets/2.3.x/raw/protos/Routing.json | 22 + app/assets/2.3.x/raw/protos/Selector.json | 21 + .../2.3.x/raw/protos/ServiceInsight.json | 100 + app/assets/2.3.x/raw/protos/StatsRequest.json | 30 + .../2.3.x/raw/protos/StatsResponse.json | 28 + .../raw/protos/TcpLoggingBackendConfig.json | 18 + app/assets/2.3.x/raw/protos/Timeout.json | 138 ++ app/assets/2.3.x/raw/protos/Tracing.json | 51 + .../2.3.x/raw/protos/TracingBackend.json | 32 + app/assets/2.3.x/raw/protos/TrafficLog.json | 60 + 
.../2.3.x/raw/protos/TrafficPermission.json | 43 + app/assets/2.3.x/raw/protos/TrafficRoute.json | 390 +++ app/assets/2.3.x/raw/protos/TrafficTrace.json | 53 + app/assets/2.3.x/raw/protos/Version.json | 79 + .../2.3.x/raw/protos/VirtualOutbound.json | 78 + .../2.3.x/raw/protos/XDSConfigRequest.json | 30 + .../2.3.x/raw/protos/XDSConfigResponse.json | 28 + .../protos/ZipkinTracingBackendConfig.json | 30 + app/assets/2.3.x/raw/protos/ZoneEgress.json | 54 + .../2.3.x/raw/protos/ZoneEgressInsight.json | 194 ++ .../2.3.x/raw/protos/ZoneEgressOverview.json | 258 ++ app/assets/2.3.x/raw/protos/ZoneIngress.json | 95 + .../2.3.x/raw/protos/ZoneIngressInsight.json | 194 ++ .../2.3.x/raw/protos/ZoneIngressOverview.json | 299 +++ .../raw/crds/kuma.io_circuitbreakers.yaml | 44 + .../raw/crds/kuma.io_containerpatches.yaml | 109 + .../raw/crds/kuma.io_dataplaneinsights.yaml | 44 + .../2.4.x/raw/crds/kuma.io_dataplanes.yaml | 64 + .../raw/crds/kuma.io_externalservices.yaml | 44 + .../raw/crds/kuma.io_faultinjections.yaml | 44 + .../2.4.x/raw/crds/kuma.io_healthchecks.yaml | 44 + .../raw/crds/kuma.io_meshaccesslogs.yaml | 391 +++ .../raw/crds/kuma.io_meshcircuitbreakers.yaml | 662 ++++++ app/assets/2.4.x/raw/crds/kuma.io_meshes.yaml | 44 + .../raw/crds/kuma.io_meshfaultinjections.yaml | 198 ++ .../raw/crds/kuma.io_meshgatewayconfigs.yaml | 204 ++ .../crds/kuma.io_meshgatewayinstances.yaml | 331 +++ .../raw/crds/kuma.io_meshgatewayroutes.yaml | 44 + .../2.4.x/raw/crds/kuma.io_meshgateways.yaml | 44 + .../raw/crds/kuma.io_meshhealthchecks.yaml | 312 +++ .../raw/crds/kuma.io_meshhttproutes.yaml | 513 ++++ .../2.4.x/raw/crds/kuma.io_meshinsights.yaml | 44 + .../kuma.io_meshloadbalancingstrategies.yaml | 424 ++++ .../raw/crds/kuma.io_meshproxypatches.yaml | 512 ++++ .../raw/crds/kuma.io_meshratelimits.yaml | 236 ++ .../2.4.x/raw/crds/kuma.io_meshretries.yaml | 406 ++++ .../2.4.x/raw/crds/kuma.io_meshtcproutes.yaml | 176 ++ .../2.4.x/raw/crds/kuma.io_meshtimeouts.yaml | 253 ++ 
.../2.4.x/raw/crds/kuma.io_meshtraces.yaml | 229 ++ .../crds/kuma.io_meshtrafficpermissions.yaml | 134 ++ .../raw/crds/kuma.io_proxytemplates.yaml | 44 + .../2.4.x/raw/crds/kuma.io_ratelimits.yaml | 44 + .../2.4.x/raw/crds/kuma.io_retries.yaml | 44 + .../raw/crds/kuma.io_serviceinsights.yaml | 44 + .../2.4.x/raw/crds/kuma.io_timeouts.yaml | 44 + .../2.4.x/raw/crds/kuma.io_trafficlogs.yaml | 44 + .../raw/crds/kuma.io_trafficpermissions.yaml | 44 + .../2.4.x/raw/crds/kuma.io_trafficroutes.yaml | 44 + .../2.4.x/raw/crds/kuma.io_traffictraces.yaml | 44 + .../raw/crds/kuma.io_virtualoutbounds.yaml | 44 + .../2.4.x/raw/crds/kuma.io_zoneegresses.yaml | 44 + .../raw/crds/kuma.io_zoneegressinsights.yaml | 44 + .../2.4.x/raw/crds/kuma.io_zoneingresses.yaml | 44 + .../raw/crds/kuma.io_zoneingressinsights.yaml | 45 + .../2.4.x/raw/crds/kuma.io_zoneinsights.yaml | 44 + app/assets/2.4.x/raw/crds/kuma.io_zones.yaml | 44 + app/assets/2.4.x/raw/helm-values.yaml | 717 ++++++ app/assets/2.4.x/raw/kuma-cp.yaml | 719 ++++++ .../protos/CertificateAuthorityBackend.json | 98 + .../2.4.x/raw/protos/CircuitBreaker.json | 198 ++ .../2.4.x/raw/protos/ClustersRequest.json | 30 + .../2.4.x/raw/protos/ClustersResponse.json | 28 + .../protos/DatadogTracingBackendConfig.json | 25 + app/assets/2.4.x/raw/protos/Dataplane.json | 325 +++ .../2.4.x/raw/protos/DataplaneInsight.json | 232 ++ .../2.4.x/raw/protos/DataplaneOverview.json | 567 +++++ .../raw/protos/DiscoveryServiceStats.json | 26 + .../raw/protos/DiscoverySubscription.json | 179 ++ .../protos/DiscoverySubscriptionStatus.json | 64 + app/assets/2.4.x/raw/protos/EnvoyAdmin.json | 17 + app/assets/2.4.x/raw/protos/EnvoyVersion.json | 26 + .../2.4.x/raw/protos/ExternalService.json | 107 + .../2.4.x/raw/protos/FaultInjection.json | 126 + .../raw/protos/FileLoggingBackendConfig.json | 18 + app/assets/2.4.x/raw/protos/HealthCheck.json | 212 ++ app/assets/2.4.x/raw/protos/HttpMethod.json | 34 + .../2.4.x/raw/protos/KumaDpVersion.json | 34 + 
app/assets/2.4.x/raw/protos/KumaResource.json | 49 + app/assets/2.4.x/raw/protos/Logging.json | 49 + .../2.4.x/raw/protos/LoggingBackend.json | 31 + app/assets/2.4.x/raw/protos/Mesh.json | 386 +++ app/assets/2.4.x/raw/protos/MeshGateway.json | 202 ++ .../2.4.x/raw/protos/MeshGatewayRoute.json | 442 ++++ app/assets/2.4.x/raw/protos/MeshInsight.json | 153 ++ app/assets/2.4.x/raw/protos/Message.json | 789 +++++++ app/assets/2.4.x/raw/protos/Metrics.json | 46 + .../2.4.x/raw/protos/MetricsBackend.json | 27 + app/assets/2.4.x/raw/protos/Networking.json | 32 + .../PrometheusAggregateMetricsConfig.json | 35 + .../raw/protos/PrometheusEnvoyConfig.json | 23 + .../PrometheusMetricsBackendConfig.json | 124 + .../2.4.x/raw/protos/PrometheusTlsConfig.json | 33 + .../2.4.x/raw/protos/ProxyTemplate.json | 339 +++ .../protos/ProxyTemplateProfileSource.json | 24 + .../raw/protos/ProxyTemplateRawResource.json | 25 + .../raw/protos/ProxyTemplateRawSource.json | 39 + .../2.4.x/raw/protos/ProxyTemplateSource.json | 78 + app/assets/2.4.x/raw/protos/RateLimit.json | 120 + app/assets/2.4.x/raw/protos/Retry.json | 224 ++ app/assets/2.4.x/raw/protos/Routing.json | 22 + app/assets/2.4.x/raw/protos/Selector.json | 21 + .../2.4.x/raw/protos/ServiceInsight.json | 100 + app/assets/2.4.x/raw/protos/StatsRequest.json | 30 + .../2.4.x/raw/protos/StatsResponse.json | 28 + .../raw/protos/TcpLoggingBackendConfig.json | 18 + app/assets/2.4.x/raw/protos/Timeout.json | 138 ++ app/assets/2.4.x/raw/protos/Tracing.json | 51 + .../2.4.x/raw/protos/TracingBackend.json | 32 + app/assets/2.4.x/raw/protos/TrafficLog.json | 60 + .../2.4.x/raw/protos/TrafficPermission.json | 43 + app/assets/2.4.x/raw/protos/TrafficRoute.json | 390 +++ app/assets/2.4.x/raw/protos/TrafficTrace.json | 53 + app/assets/2.4.x/raw/protos/Version.json | 79 + .../2.4.x/raw/protos/VirtualOutbound.json | 78 + .../2.4.x/raw/protos/XDSConfigRequest.json | 30 + .../2.4.x/raw/protos/XDSConfigResponse.json | 28 + 
.../protos/ZipkinTracingBackendConfig.json | 30 + app/assets/2.4.x/raw/protos/ZoneEgress.json | 54 + .../2.4.x/raw/protos/ZoneEgressInsight.json | 194 ++ .../2.4.x/raw/protos/ZoneEgressOverview.json | 258 ++ app/assets/2.4.x/raw/protos/ZoneIngress.json | 95 + .../2.4.x/raw/protos/ZoneIngressInsight.json | 194 ++ .../2.4.x/raw/protos/ZoneIngressOverview.json | 299 +++ .../raw/crds/kuma.io_circuitbreakers.yaml | 44 + .../raw/crds/kuma.io_containerpatches.yaml | 109 + .../raw/crds/kuma.io_dataplaneinsights.yaml | 44 + .../2.5.x/raw/crds/kuma.io_dataplanes.yaml | 64 + .../raw/crds/kuma.io_externalservices.yaml | 44 + .../raw/crds/kuma.io_faultinjections.yaml | 44 + .../2.5.x/raw/crds/kuma.io_healthchecks.yaml | 44 + .../raw/crds/kuma.io_meshaccesslogs.yaml | 391 +++ .../raw/crds/kuma.io_meshcircuitbreakers.yaml | 662 ++++++ app/assets/2.5.x/raw/crds/kuma.io_meshes.yaml | 44 + .../raw/crds/kuma.io_meshfaultinjections.yaml | 198 ++ .../raw/crds/kuma.io_meshgatewayconfigs.yaml | 204 ++ .../crds/kuma.io_meshgatewayinstances.yaml | 331 +++ .../raw/crds/kuma.io_meshgatewayroutes.yaml | 44 + .../2.5.x/raw/crds/kuma.io_meshgateways.yaml | 44 + .../raw/crds/kuma.io_meshhealthchecks.yaml | 312 +++ .../raw/crds/kuma.io_meshhttproutes.yaml | 513 ++++ .../2.5.x/raw/crds/kuma.io_meshinsights.yaml | 44 + .../kuma.io_meshloadbalancingstrategies.yaml | 525 ++++ .../raw/crds/kuma.io_meshproxypatches.yaml | 512 ++++ .../raw/crds/kuma.io_meshratelimits.yaml | 236 ++ .../2.5.x/raw/crds/kuma.io_meshretries.yaml | 406 ++++ .../2.5.x/raw/crds/kuma.io_meshtcproutes.yaml | 176 ++ .../2.5.x/raw/crds/kuma.io_meshtimeouts.yaml | 253 ++ .../2.5.x/raw/crds/kuma.io_meshtraces.yaml | 229 ++ .../crds/kuma.io_meshtrafficpermissions.yaml | 134 ++ .../raw/crds/kuma.io_proxytemplates.yaml | 44 + .../2.5.x/raw/crds/kuma.io_ratelimits.yaml | 44 + .../2.5.x/raw/crds/kuma.io_retries.yaml | 44 + .../raw/crds/kuma.io_serviceinsights.yaml | 44 + .../2.5.x/raw/crds/kuma.io_timeouts.yaml | 44 + 
.../2.5.x/raw/crds/kuma.io_trafficlogs.yaml | 44 + .../raw/crds/kuma.io_trafficpermissions.yaml | 44 + .../2.5.x/raw/crds/kuma.io_trafficroutes.yaml | 44 + .../2.5.x/raw/crds/kuma.io_traffictraces.yaml | 44 + .../raw/crds/kuma.io_virtualoutbounds.yaml | 44 + .../2.5.x/raw/crds/kuma.io_zoneegresses.yaml | 44 + .../raw/crds/kuma.io_zoneegressinsights.yaml | 44 + .../2.5.x/raw/crds/kuma.io_zoneingresses.yaml | 44 + .../raw/crds/kuma.io_zoneingressinsights.yaml | 45 + .../2.5.x/raw/crds/kuma.io_zoneinsights.yaml | 44 + app/assets/2.5.x/raw/crds/kuma.io_zones.yaml | 44 + app/assets/2.5.x/raw/helm-values.yaml | 733 ++++++ app/assets/2.5.x/raw/kuma-cp.yaml | 771 ++++++ .../protos/CertificateAuthorityBackend.json | 98 + .../2.5.x/raw/protos/CircuitBreaker.json | 198 ++ .../2.5.x/raw/protos/ClustersRequest.json | 30 + .../2.5.x/raw/protos/ClustersResponse.json | 28 + .../protos/DatadogTracingBackendConfig.json | 25 + app/assets/2.5.x/raw/protos/Dataplane.json | 344 +++ .../2.5.x/raw/protos/DataplaneInsight.json | 232 ++ .../2.5.x/raw/protos/DataplaneOverview.json | 586 +++++ .../raw/protos/DiscoveryServiceStats.json | 26 + .../raw/protos/DiscoverySubscription.json | 179 ++ .../protos/DiscoverySubscriptionStatus.json | 64 + app/assets/2.5.x/raw/protos/EnvoyAdmin.json | 17 + app/assets/2.5.x/raw/protos/EnvoyVersion.json | 26 + .../2.5.x/raw/protos/ExternalService.json | 112 + .../2.5.x/raw/protos/FaultInjection.json | 126 + .../raw/protos/FileLoggingBackendConfig.json | 18 + app/assets/2.5.x/raw/protos/HealthCheck.json | 212 ++ app/assets/2.5.x/raw/protos/HttpMethod.json | 34 + .../2.5.x/raw/protos/KumaDpVersion.json | 34 + app/assets/2.5.x/raw/protos/KumaResource.json | 49 + app/assets/2.5.x/raw/protos/Logging.json | 49 + .../2.5.x/raw/protos/LoggingBackend.json | 31 + app/assets/2.5.x/raw/protos/Mesh.json | 390 +++ app/assets/2.5.x/raw/protos/MeshGateway.json | 202 ++ .../2.5.x/raw/protos/MeshGatewayRoute.json | 442 ++++ app/assets/2.5.x/raw/protos/MeshInsight.json | 161 ++ 
app/assets/2.5.x/raw/protos/Message.json | 789 +++++++ app/assets/2.5.x/raw/protos/Metrics.json | 46 + .../2.5.x/raw/protos/MetricsBackend.json | 27 + app/assets/2.5.x/raw/protos/Networking.json | 32 + .../PrometheusAggregateMetricsConfig.json | 35 + .../raw/protos/PrometheusEnvoyConfig.json | 23 + .../PrometheusMetricsBackendConfig.json | 124 + .../2.5.x/raw/protos/PrometheusTlsConfig.json | 33 + .../2.5.x/raw/protos/ProxyTemplate.json | 339 +++ .../protos/ProxyTemplateProfileSource.json | 24 + .../raw/protos/ProxyTemplateRawResource.json | 25 + .../raw/protos/ProxyTemplateRawSource.json | 39 + .../2.5.x/raw/protos/ProxyTemplateSource.json | 78 + app/assets/2.5.x/raw/protos/RateLimit.json | 120 + app/assets/2.5.x/raw/protos/Retry.json | 224 ++ app/assets/2.5.x/raw/protos/Routing.json | 22 + app/assets/2.5.x/raw/protos/Selector.json | 21 + .../2.5.x/raw/protos/ServiceInsight.json | 100 + app/assets/2.5.x/raw/protos/StatsRequest.json | 30 + .../2.5.x/raw/protos/StatsResponse.json | 28 + .../raw/protos/TcpLoggingBackendConfig.json | 18 + app/assets/2.5.x/raw/protos/Timeout.json | 138 ++ app/assets/2.5.x/raw/protos/Tracing.json | 51 + .../2.5.x/raw/protos/TracingBackend.json | 32 + app/assets/2.5.x/raw/protos/TrafficLog.json | 60 + .../2.5.x/raw/protos/TrafficPermission.json | 43 + app/assets/2.5.x/raw/protos/TrafficRoute.json | 390 +++ app/assets/2.5.x/raw/protos/TrafficTrace.json | 53 + app/assets/2.5.x/raw/protos/Version.json | 79 + .../2.5.x/raw/protos/VirtualOutbound.json | 78 + .../2.5.x/raw/protos/XDSConfigRequest.json | 30 + .../2.5.x/raw/protos/XDSConfigResponse.json | 28 + .../protos/ZipkinTracingBackendConfig.json | 30 + app/assets/2.5.x/raw/protos/ZoneEgress.json | 54 + .../2.5.x/raw/protos/ZoneEgressInsight.json | 194 ++ .../2.5.x/raw/protos/ZoneEgressOverview.json | 258 ++ .../raw/protos/ZoneHealthCheckRequest.json | 11 + .../raw/protos/ZoneHealthCheckResponse.json | 19 + app/assets/2.5.x/raw/protos/ZoneIngress.json | 95 + 
.../2.5.x/raw/protos/ZoneIngressInsight.json | 194 ++ .../2.5.x/raw/protos/ZoneIngressOverview.json | 299 +++ .../dev/raw/crds/kuma.io_circuitbreakers.yaml | 44 + .../raw/crds/kuma.io_containerpatches.yaml | 109 + .../raw/crds/kuma.io_dataplaneinsights.yaml | 44 + .../dev/raw/crds/kuma.io_dataplanes.yaml | 64 + .../raw/crds/kuma.io_externalservices.yaml | 44 + .../dev/raw/crds/kuma.io_faultinjections.yaml | 44 + .../dev/raw/crds/kuma.io_healthchecks.yaml | 44 + .../dev/raw/crds/kuma.io_meshaccesslogs.yaml | 445 ++++ .../raw/crds/kuma.io_meshcircuitbreakers.yaml | 662 ++++++ app/assets/dev/raw/crds/kuma.io_meshes.yaml | 44 + .../raw/crds/kuma.io_meshfaultinjections.yaml | 314 +++ .../raw/crds/kuma.io_meshgatewayconfigs.yaml | 204 ++ .../crds/kuma.io_meshgatewayinstances.yaml | 342 +++ .../raw/crds/kuma.io_meshgatewayroutes.yaml | 44 + .../dev/raw/crds/kuma.io_meshgateways.yaml | 44 + .../raw/crds/kuma.io_meshhealthchecks.yaml | 312 +++ .../dev/raw/crds/kuma.io_meshhttproutes.yaml | 513 ++++ .../dev/raw/crds/kuma.io_meshinsights.yaml | 44 + .../kuma.io_meshloadbalancingstrategies.yaml | 538 +++++ .../dev/raw/crds/kuma.io_meshmetrics.yaml | 169 ++ .../raw/crds/kuma.io_meshproxypatches.yaml | 512 ++++ .../dev/raw/crds/kuma.io_meshratelimits.yaml | 236 ++ .../dev/raw/crds/kuma.io_meshretries.yaml | 447 ++++ .../dev/raw/crds/kuma.io_meshtcproutes.yaml | 176 ++ .../dev/raw/crds/kuma.io_meshtimeouts.yaml | 253 ++ .../dev/raw/crds/kuma.io_meshtraces.yaml | 234 ++ .../crds/kuma.io_meshtrafficpermissions.yaml | 134 ++ .../dev/raw/crds/kuma.io_proxytemplates.yaml | 44 + .../dev/raw/crds/kuma.io_ratelimits.yaml | 44 + app/assets/dev/raw/crds/kuma.io_retries.yaml | 44 + .../dev/raw/crds/kuma.io_serviceinsights.yaml | 44 + app/assets/dev/raw/crds/kuma.io_timeouts.yaml | 44 + .../dev/raw/crds/kuma.io_trafficlogs.yaml | 44 + .../raw/crds/kuma.io_trafficpermissions.yaml | 44 + .../dev/raw/crds/kuma.io_trafficroutes.yaml | 44 + .../dev/raw/crds/kuma.io_traffictraces.yaml | 44 + 
.../raw/crds/kuma.io_virtualoutbounds.yaml | 44 + .../dev/raw/crds/kuma.io_zoneegresses.yaml | 44 + .../raw/crds/kuma.io_zoneegressinsights.yaml | 44 + .../dev/raw/crds/kuma.io_zoneingresses.yaml | 44 + .../raw/crds/kuma.io_zoneingressinsights.yaml | 45 + .../dev/raw/crds/kuma.io_zoneinsights.yaml | 44 + app/assets/dev/raw/crds/kuma.io_zones.yaml | 44 + app/assets/dev/raw/helm-values.yaml | 738 ++++++ app/assets/dev/raw/kuma-cp.yaml | 768 ++++++ .../protos/CertificateAuthorityBackend.json | 98 + app/assets/dev/raw/protos/CircuitBreaker.json | 198 ++ .../dev/raw/protos/ClustersRequest.json | 30 + .../dev/raw/protos/ClustersResponse.json | 28 + .../protos/DatadogTracingBackendConfig.json | 25 + app/assets/dev/raw/protos/Dataplane.json | 344 +++ .../dev/raw/protos/DataplaneInsight.json | 232 ++ .../dev/raw/protos/DataplaneOverview.json | 586 +++++ .../dev/raw/protos/DiscoveryServiceStats.json | 26 + .../dev/raw/protos/DiscoverySubscription.json | 179 ++ .../protos/DiscoverySubscriptionStatus.json | 64 + app/assets/dev/raw/protos/EnvoyAdmin.json | 17 + app/assets/dev/raw/protos/EnvoyVersion.json | 26 + .../dev/raw/protos/ExternalService.json | 112 + app/assets/dev/raw/protos/FaultInjection.json | 126 + .../raw/protos/FileLoggingBackendConfig.json | 18 + app/assets/dev/raw/protos/HealthCheck.json | 212 ++ app/assets/dev/raw/protos/HttpMethod.json | 34 + app/assets/dev/raw/protos/KumaDpVersion.json | 34 + app/assets/dev/raw/protos/KumaResource.json | 55 + app/assets/dev/raw/protos/Logging.json | 49 + app/assets/dev/raw/protos/LoggingBackend.json | 31 + app/assets/dev/raw/protos/Mesh.json | 390 +++ app/assets/dev/raw/protos/MeshGateway.json | 202 ++ .../dev/raw/protos/MeshGatewayRoute.json | 442 ++++ app/assets/dev/raw/protos/MeshInsight.json | 161 ++ app/assets/dev/raw/protos/Message.json | 789 +++++++ app/assets/dev/raw/protos/Metrics.json | 46 + app/assets/dev/raw/protos/MetricsBackend.json | 27 + app/assets/dev/raw/protos/Networking.json | 32 + 
.../PrometheusAggregateMetricsConfig.json | 35 + .../dev/raw/protos/PrometheusEnvoyConfig.json | 23 + .../PrometheusMetricsBackendConfig.json | 124 + .../dev/raw/protos/PrometheusTlsConfig.json | 33 + app/assets/dev/raw/protos/ProxyTemplate.json | 339 +++ .../protos/ProxyTemplateProfileSource.json | 24 + .../raw/protos/ProxyTemplateRawResource.json | 25 + .../raw/protos/ProxyTemplateRawSource.json | 39 + .../dev/raw/protos/ProxyTemplateSource.json | 78 + app/assets/dev/raw/protos/RateLimit.json | 120 + app/assets/dev/raw/protos/Retry.json | 224 ++ app/assets/dev/raw/protos/Routing.json | 22 + app/assets/dev/raw/protos/Selector.json | 21 + app/assets/dev/raw/protos/ServiceInsight.json | 100 + app/assets/dev/raw/protos/StatsRequest.json | 30 + app/assets/dev/raw/protos/StatsResponse.json | 28 + .../raw/protos/TcpLoggingBackendConfig.json | 18 + app/assets/dev/raw/protos/Timeout.json | 138 ++ app/assets/dev/raw/protos/Tracing.json | 51 + app/assets/dev/raw/protos/TracingBackend.json | 32 + app/assets/dev/raw/protos/TrafficLog.json | 60 + .../dev/raw/protos/TrafficPermission.json | 43 + app/assets/dev/raw/protos/TrafficRoute.json | 390 +++ app/assets/dev/raw/protos/TrafficTrace.json | 53 + app/assets/dev/raw/protos/Version.json | 79 + .../dev/raw/protos/VirtualOutbound.json | 78 + .../dev/raw/protos/XDSConfigRequest.json | 30 + .../dev/raw/protos/XDSConfigResponse.json | 28 + .../protos/ZipkinTracingBackendConfig.json | 30 + app/assets/dev/raw/protos/ZoneEgress.json | 54 + .../dev/raw/protos/ZoneEgressInsight.json | 194 ++ .../dev/raw/protos/ZoneEgressOverview.json | 258 ++ .../raw/protos/ZoneHealthCheckRequest.json | 11 + .../raw/protos/ZoneHealthCheckResponse.json | 19 + app/assets/dev/raw/protos/ZoneIngress.json | 95 + .../dev/raw/protos/ZoneIngressInsight.json | 194 ++ .../dev/raw/protos/ZoneIngressOverview.json | 299 +++ app/assets/raw/CHANGELOG.md | 2101 +++++++++++++++++ app/assets/raw/UPGRADE.md | 1135 +++++++++ 655 files changed, 95827 insertions(+) create 
mode 100644 app/assets/2.1.x/raw/crds/kuma.io_circuitbreakers.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_containerpatches.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_dataplaneinsights.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_dataplanes.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_externalservices.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_faultinjections.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_healthchecks.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshaccesslogs.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshcircuitbreakers.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshes.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshfaultinjections.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshgatewayconfigs.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshgatewayinstances.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshgatewayroutes.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshgateways.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshhealthchecks.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshhttproutes.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshinsights.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshproxypatches.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshratelimits.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshretries.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshtimeouts.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshtraces.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_meshtrafficpermissions.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_proxytemplates.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_ratelimits.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_retries.yaml create mode 100644 
app/assets/2.1.x/raw/crds/kuma.io_serviceinsights.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_timeouts.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_trafficlogs.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_trafficpermissions.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_trafficroutes.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_traffictraces.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_virtualoutbounds.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_zoneegresses.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_zoneegressinsights.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_zoneingresses.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_zoneingressinsights.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_zoneinsights.yaml create mode 100644 app/assets/2.1.x/raw/crds/kuma.io_zones.yaml create mode 100644 app/assets/2.1.x/raw/helm-values.yaml create mode 100644 app/assets/2.1.x/raw/kuma-cp.yaml create mode 100644 app/assets/2.1.x/raw/protos/CertificateAuthorityBackend.json create mode 100644 app/assets/2.1.x/raw/protos/CircuitBreaker.json create mode 100644 app/assets/2.1.x/raw/protos/ClustersRequest.json create mode 100644 app/assets/2.1.x/raw/protos/ClustersResponse.json create mode 100644 app/assets/2.1.x/raw/protos/DatadogTracingBackendConfig.json create mode 100644 app/assets/2.1.x/raw/protos/Dataplane.json create mode 100644 app/assets/2.1.x/raw/protos/DataplaneInsight.json create mode 100644 app/assets/2.1.x/raw/protos/DataplaneOverview.json create mode 100644 app/assets/2.1.x/raw/protos/DiscoveryServiceStats.json create mode 100644 app/assets/2.1.x/raw/protos/DiscoverySubscription.json create mode 100644 app/assets/2.1.x/raw/protos/DiscoverySubscriptionStatus.json create mode 100644 app/assets/2.1.x/raw/protos/EnvoyAdmin.json create mode 100644 app/assets/2.1.x/raw/protos/EnvoyVersion.json create mode 100644 
app/assets/2.1.x/raw/protos/ExternalService.json create mode 100644 app/assets/2.1.x/raw/protos/FaultInjection.json create mode 100644 app/assets/2.1.x/raw/protos/FileLoggingBackendConfig.json create mode 100644 app/assets/2.1.x/raw/protos/HealthCheck.json create mode 100644 app/assets/2.1.x/raw/protos/HttpMethod.json create mode 100644 app/assets/2.1.x/raw/protos/KumaDpVersion.json create mode 100644 app/assets/2.1.x/raw/protos/KumaResource.json create mode 100644 app/assets/2.1.x/raw/protos/Logging.json create mode 100644 app/assets/2.1.x/raw/protos/LoggingBackend.json create mode 100644 app/assets/2.1.x/raw/protos/Mesh.json create mode 100644 app/assets/2.1.x/raw/protos/MeshGateway.json create mode 100644 app/assets/2.1.x/raw/protos/MeshGatewayRoute.json create mode 100644 app/assets/2.1.x/raw/protos/MeshInsight.json create mode 100644 app/assets/2.1.x/raw/protos/Message.json create mode 100644 app/assets/2.1.x/raw/protos/Metrics.json create mode 100644 app/assets/2.1.x/raw/protos/MetricsBackend.json create mode 100644 app/assets/2.1.x/raw/protos/Networking.json create mode 100644 app/assets/2.1.x/raw/protos/PrometheusAggregateMetricsConfig.json create mode 100644 app/assets/2.1.x/raw/protos/PrometheusEnvoyConfig.json create mode 100644 app/assets/2.1.x/raw/protos/PrometheusMetricsBackendConfig.json create mode 100644 app/assets/2.1.x/raw/protos/ProxyTemplate.json create mode 100644 app/assets/2.1.x/raw/protos/ProxyTemplateProfileSource.json create mode 100644 app/assets/2.1.x/raw/protos/ProxyTemplateRawResource.json create mode 100644 app/assets/2.1.x/raw/protos/ProxyTemplateRawSource.json create mode 100644 app/assets/2.1.x/raw/protos/ProxyTemplateSource.json create mode 100644 app/assets/2.1.x/raw/protos/RateLimit.json create mode 100644 app/assets/2.1.x/raw/protos/Retry.json create mode 100644 app/assets/2.1.x/raw/protos/Routing.json create mode 100644 app/assets/2.1.x/raw/protos/Selector.json create mode 100644 
app/assets/2.1.x/raw/protos/ServiceInsight.json create mode 100644 app/assets/2.1.x/raw/protos/StatsRequest.json create mode 100644 app/assets/2.1.x/raw/protos/StatsResponse.json create mode 100644 app/assets/2.1.x/raw/protos/TcpLoggingBackendConfig.json create mode 100644 app/assets/2.1.x/raw/protos/Timeout.json create mode 100644 app/assets/2.1.x/raw/protos/Tracing.json create mode 100644 app/assets/2.1.x/raw/protos/TracingBackend.json create mode 100644 app/assets/2.1.x/raw/protos/TrafficLog.json create mode 100644 app/assets/2.1.x/raw/protos/TrafficPermission.json create mode 100644 app/assets/2.1.x/raw/protos/TrafficRoute.json create mode 100644 app/assets/2.1.x/raw/protos/TrafficTrace.json create mode 100644 app/assets/2.1.x/raw/protos/Version.json create mode 100644 app/assets/2.1.x/raw/protos/VirtualOutbound.json create mode 100644 app/assets/2.1.x/raw/protos/XDSConfigRequest.json create mode 100644 app/assets/2.1.x/raw/protos/XDSConfigResponse.json create mode 100644 app/assets/2.1.x/raw/protos/ZipkinTracingBackendConfig.json create mode 100644 app/assets/2.1.x/raw/protos/ZoneEgress.json create mode 100644 app/assets/2.1.x/raw/protos/ZoneEgressInsight.json create mode 100644 app/assets/2.1.x/raw/protos/ZoneEgressOverview.json create mode 100644 app/assets/2.1.x/raw/protos/ZoneIngress.json create mode 100644 app/assets/2.1.x/raw/protos/ZoneIngressInsight.json create mode 100644 app/assets/2.1.x/raw/protos/ZoneIngressOverview.json create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_circuitbreakers.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_containerpatches.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_dataplaneinsights.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_dataplanes.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_externalservices.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_faultinjections.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_healthchecks.yaml create mode 100644 
app/assets/2.2.x/raw/crds/kuma.io_meshaccesslogs.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshcircuitbreakers.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshes.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshfaultinjections.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshgatewayconfigs.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshgatewayinstances.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshgatewayroutes.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshgateways.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshhealthchecks.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshhttproutes.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshinsights.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshproxypatches.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshratelimits.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshretries.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshtimeouts.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshtraces.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_meshtrafficpermissions.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_proxytemplates.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_ratelimits.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_retries.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_serviceinsights.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_timeouts.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_trafficlogs.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_trafficpermissions.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_trafficroutes.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_traffictraces.yaml create mode 100644 
app/assets/2.2.x/raw/crds/kuma.io_virtualoutbounds.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_zoneegresses.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_zoneegressinsights.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_zoneingresses.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_zoneingressinsights.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_zoneinsights.yaml create mode 100644 app/assets/2.2.x/raw/crds/kuma.io_zones.yaml create mode 100644 app/assets/2.2.x/raw/helm-values.yaml create mode 100644 app/assets/2.2.x/raw/kuma-cp.yaml create mode 100644 app/assets/2.2.x/raw/protos/CertificateAuthorityBackend.json create mode 100644 app/assets/2.2.x/raw/protos/CircuitBreaker.json create mode 100644 app/assets/2.2.x/raw/protos/ClustersRequest.json create mode 100644 app/assets/2.2.x/raw/protos/ClustersResponse.json create mode 100644 app/assets/2.2.x/raw/protos/DatadogTracingBackendConfig.json create mode 100644 app/assets/2.2.x/raw/protos/Dataplane.json create mode 100644 app/assets/2.2.x/raw/protos/DataplaneInsight.json create mode 100644 app/assets/2.2.x/raw/protos/DataplaneOverview.json create mode 100644 app/assets/2.2.x/raw/protos/DiscoveryServiceStats.json create mode 100644 app/assets/2.2.x/raw/protos/DiscoverySubscription.json create mode 100644 app/assets/2.2.x/raw/protos/DiscoverySubscriptionStatus.json create mode 100644 app/assets/2.2.x/raw/protos/EnvoyAdmin.json create mode 100644 app/assets/2.2.x/raw/protos/EnvoyVersion.json create mode 100644 app/assets/2.2.x/raw/protos/ExternalService.json create mode 100644 app/assets/2.2.x/raw/protos/FaultInjection.json create mode 100644 app/assets/2.2.x/raw/protos/FileLoggingBackendConfig.json create mode 100644 app/assets/2.2.x/raw/protos/HealthCheck.json create mode 100644 app/assets/2.2.x/raw/protos/HttpMethod.json create mode 100644 app/assets/2.2.x/raw/protos/KumaDpVersion.json create mode 100644 app/assets/2.2.x/raw/protos/KumaResource.json create 
mode 100644 app/assets/2.2.x/raw/protos/Logging.json create mode 100644 app/assets/2.2.x/raw/protos/LoggingBackend.json create mode 100644 app/assets/2.2.x/raw/protos/Mesh.json create mode 100644 app/assets/2.2.x/raw/protos/MeshGateway.json create mode 100644 app/assets/2.2.x/raw/protos/MeshGatewayRoute.json create mode 100644 app/assets/2.2.x/raw/protos/MeshInsight.json create mode 100644 app/assets/2.2.x/raw/protos/Message.json create mode 100644 app/assets/2.2.x/raw/protos/Metrics.json create mode 100644 app/assets/2.2.x/raw/protos/MetricsBackend.json create mode 100644 app/assets/2.2.x/raw/protos/Networking.json create mode 100644 app/assets/2.2.x/raw/protos/PrometheusAggregateMetricsConfig.json create mode 100644 app/assets/2.2.x/raw/protos/PrometheusEnvoyConfig.json create mode 100644 app/assets/2.2.x/raw/protos/PrometheusMetricsBackendConfig.json create mode 100644 app/assets/2.2.x/raw/protos/ProxyTemplate.json create mode 100644 app/assets/2.2.x/raw/protos/ProxyTemplateProfileSource.json create mode 100644 app/assets/2.2.x/raw/protos/ProxyTemplateRawResource.json create mode 100644 app/assets/2.2.x/raw/protos/ProxyTemplateRawSource.json create mode 100644 app/assets/2.2.x/raw/protos/ProxyTemplateSource.json create mode 100644 app/assets/2.2.x/raw/protos/RateLimit.json create mode 100644 app/assets/2.2.x/raw/protos/Retry.json create mode 100644 app/assets/2.2.x/raw/protos/Routing.json create mode 100644 app/assets/2.2.x/raw/protos/Selector.json create mode 100644 app/assets/2.2.x/raw/protos/ServiceInsight.json create mode 100644 app/assets/2.2.x/raw/protos/StatsRequest.json create mode 100644 app/assets/2.2.x/raw/protos/StatsResponse.json create mode 100644 app/assets/2.2.x/raw/protos/TcpLoggingBackendConfig.json create mode 100644 app/assets/2.2.x/raw/protos/Timeout.json create mode 100644 app/assets/2.2.x/raw/protos/Tracing.json create mode 100644 app/assets/2.2.x/raw/protos/TracingBackend.json create mode 100644 app/assets/2.2.x/raw/protos/TrafficLog.json 
create mode 100644 app/assets/2.2.x/raw/protos/TrafficPermission.json create mode 100644 app/assets/2.2.x/raw/protos/TrafficRoute.json create mode 100644 app/assets/2.2.x/raw/protos/TrafficTrace.json create mode 100644 app/assets/2.2.x/raw/protos/Version.json create mode 100644 app/assets/2.2.x/raw/protos/VirtualOutbound.json create mode 100644 app/assets/2.2.x/raw/protos/XDSConfigRequest.json create mode 100644 app/assets/2.2.x/raw/protos/XDSConfigResponse.json create mode 100644 app/assets/2.2.x/raw/protos/ZipkinTracingBackendConfig.json create mode 100644 app/assets/2.2.x/raw/protos/ZoneEgress.json create mode 100644 app/assets/2.2.x/raw/protos/ZoneEgressInsight.json create mode 100644 app/assets/2.2.x/raw/protos/ZoneEgressOverview.json create mode 100644 app/assets/2.2.x/raw/protos/ZoneIngress.json create mode 100644 app/assets/2.2.x/raw/protos/ZoneIngressInsight.json create mode 100644 app/assets/2.2.x/raw/protos/ZoneIngressOverview.json create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_circuitbreakers.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_containerpatches.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_dataplaneinsights.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_dataplanes.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_externalservices.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_faultinjections.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_healthchecks.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshaccesslogs.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshcircuitbreakers.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshes.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshfaultinjections.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshgatewayconfigs.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshgatewayinstances.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshgatewayroutes.yaml 
create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshgateways.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshhealthchecks.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshhttproutes.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshinsights.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshproxypatches.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshratelimits.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshretries.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshtcproutes.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshtimeouts.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshtraces.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_meshtrafficpermissions.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_proxytemplates.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_ratelimits.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_retries.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_serviceinsights.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_timeouts.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_trafficlogs.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_trafficpermissions.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_trafficroutes.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_traffictraces.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_virtualoutbounds.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_zoneegresses.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_zoneegressinsights.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_zoneingresses.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_zoneingressinsights.yaml create mode 100644 app/assets/2.3.x/raw/crds/kuma.io_zoneinsights.yaml create mode 100644 
app/assets/2.3.x/raw/crds/kuma.io_zones.yaml create mode 100644 app/assets/2.3.x/raw/helm-values.yaml create mode 100644 app/assets/2.3.x/raw/kuma-cp.yaml create mode 100644 app/assets/2.3.x/raw/protos/CertificateAuthorityBackend.json create mode 100644 app/assets/2.3.x/raw/protos/CircuitBreaker.json create mode 100644 app/assets/2.3.x/raw/protos/ClustersRequest.json create mode 100644 app/assets/2.3.x/raw/protos/ClustersResponse.json create mode 100644 app/assets/2.3.x/raw/protos/DatadogTracingBackendConfig.json create mode 100644 app/assets/2.3.x/raw/protos/Dataplane.json create mode 100644 app/assets/2.3.x/raw/protos/DataplaneInsight.json create mode 100644 app/assets/2.3.x/raw/protos/DataplaneOverview.json create mode 100644 app/assets/2.3.x/raw/protos/DiscoveryServiceStats.json create mode 100644 app/assets/2.3.x/raw/protos/DiscoverySubscription.json create mode 100644 app/assets/2.3.x/raw/protos/DiscoverySubscriptionStatus.json create mode 100644 app/assets/2.3.x/raw/protos/EnvoyAdmin.json create mode 100644 app/assets/2.3.x/raw/protos/EnvoyVersion.json create mode 100644 app/assets/2.3.x/raw/protos/ExternalService.json create mode 100644 app/assets/2.3.x/raw/protos/FaultInjection.json create mode 100644 app/assets/2.3.x/raw/protos/FileLoggingBackendConfig.json create mode 100644 app/assets/2.3.x/raw/protos/HealthCheck.json create mode 100644 app/assets/2.3.x/raw/protos/HttpMethod.json create mode 100644 app/assets/2.3.x/raw/protos/KumaDpVersion.json create mode 100644 app/assets/2.3.x/raw/protos/KumaResource.json create mode 100644 app/assets/2.3.x/raw/protos/Logging.json create mode 100644 app/assets/2.3.x/raw/protos/LoggingBackend.json create mode 100644 app/assets/2.3.x/raw/protos/Mesh.json create mode 100644 app/assets/2.3.x/raw/protos/MeshGateway.json create mode 100644 app/assets/2.3.x/raw/protos/MeshGatewayRoute.json create mode 100644 app/assets/2.3.x/raw/protos/MeshInsight.json create mode 100644 app/assets/2.3.x/raw/protos/Message.json create mode 
100644 app/assets/2.3.x/raw/protos/Metrics.json create mode 100644 app/assets/2.3.x/raw/protos/MetricsBackend.json create mode 100644 app/assets/2.3.x/raw/protos/Networking.json create mode 100644 app/assets/2.3.x/raw/protos/PrometheusAggregateMetricsConfig.json create mode 100644 app/assets/2.3.x/raw/protos/PrometheusEnvoyConfig.json create mode 100644 app/assets/2.3.x/raw/protos/PrometheusMetricsBackendConfig.json create mode 100644 app/assets/2.3.x/raw/protos/ProxyTemplate.json create mode 100644 app/assets/2.3.x/raw/protos/ProxyTemplateProfileSource.json create mode 100644 app/assets/2.3.x/raw/protos/ProxyTemplateRawResource.json create mode 100644 app/assets/2.3.x/raw/protos/ProxyTemplateRawSource.json create mode 100644 app/assets/2.3.x/raw/protos/ProxyTemplateSource.json create mode 100644 app/assets/2.3.x/raw/protos/RateLimit.json create mode 100644 app/assets/2.3.x/raw/protos/Retry.json create mode 100644 app/assets/2.3.x/raw/protos/Routing.json create mode 100644 app/assets/2.3.x/raw/protos/Selector.json create mode 100644 app/assets/2.3.x/raw/protos/ServiceInsight.json create mode 100644 app/assets/2.3.x/raw/protos/StatsRequest.json create mode 100644 app/assets/2.3.x/raw/protos/StatsResponse.json create mode 100644 app/assets/2.3.x/raw/protos/TcpLoggingBackendConfig.json create mode 100644 app/assets/2.3.x/raw/protos/Timeout.json create mode 100644 app/assets/2.3.x/raw/protos/Tracing.json create mode 100644 app/assets/2.3.x/raw/protos/TracingBackend.json create mode 100644 app/assets/2.3.x/raw/protos/TrafficLog.json create mode 100644 app/assets/2.3.x/raw/protos/TrafficPermission.json create mode 100644 app/assets/2.3.x/raw/protos/TrafficRoute.json create mode 100644 app/assets/2.3.x/raw/protos/TrafficTrace.json create mode 100644 app/assets/2.3.x/raw/protos/Version.json create mode 100644 app/assets/2.3.x/raw/protos/VirtualOutbound.json create mode 100644 app/assets/2.3.x/raw/protos/XDSConfigRequest.json create mode 100644 
app/assets/2.3.x/raw/protos/XDSConfigResponse.json create mode 100644 app/assets/2.3.x/raw/protos/ZipkinTracingBackendConfig.json create mode 100644 app/assets/2.3.x/raw/protos/ZoneEgress.json create mode 100644 app/assets/2.3.x/raw/protos/ZoneEgressInsight.json create mode 100644 app/assets/2.3.x/raw/protos/ZoneEgressOverview.json create mode 100644 app/assets/2.3.x/raw/protos/ZoneIngress.json create mode 100644 app/assets/2.3.x/raw/protos/ZoneIngressInsight.json create mode 100644 app/assets/2.3.x/raw/protos/ZoneIngressOverview.json create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_circuitbreakers.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_containerpatches.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_dataplaneinsights.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_dataplanes.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_externalservices.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_faultinjections.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_healthchecks.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshaccesslogs.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshcircuitbreakers.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshes.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshfaultinjections.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshgatewayconfigs.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshgatewayinstances.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshgatewayroutes.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshgateways.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshhealthchecks.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshhttproutes.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshinsights.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml create mode 100644 
app/assets/2.4.x/raw/crds/kuma.io_meshproxypatches.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshratelimits.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshretries.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshtcproutes.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshtimeouts.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshtraces.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_meshtrafficpermissions.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_proxytemplates.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_ratelimits.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_retries.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_serviceinsights.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_timeouts.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_trafficlogs.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_trafficpermissions.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_trafficroutes.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_traffictraces.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_virtualoutbounds.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_zoneegresses.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_zoneegressinsights.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_zoneingresses.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_zoneingressinsights.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_zoneinsights.yaml create mode 100644 app/assets/2.4.x/raw/crds/kuma.io_zones.yaml create mode 100644 app/assets/2.4.x/raw/helm-values.yaml create mode 100644 app/assets/2.4.x/raw/kuma-cp.yaml create mode 100644 app/assets/2.4.x/raw/protos/CertificateAuthorityBackend.json create mode 100644 app/assets/2.4.x/raw/protos/CircuitBreaker.json create mode 100644 app/assets/2.4.x/raw/protos/ClustersRequest.json create mode 100644 
app/assets/2.4.x/raw/protos/ClustersResponse.json create mode 100644 app/assets/2.4.x/raw/protos/DatadogTracingBackendConfig.json create mode 100644 app/assets/2.4.x/raw/protos/Dataplane.json create mode 100644 app/assets/2.4.x/raw/protos/DataplaneInsight.json create mode 100644 app/assets/2.4.x/raw/protos/DataplaneOverview.json create mode 100644 app/assets/2.4.x/raw/protos/DiscoveryServiceStats.json create mode 100644 app/assets/2.4.x/raw/protos/DiscoverySubscription.json create mode 100644 app/assets/2.4.x/raw/protos/DiscoverySubscriptionStatus.json create mode 100644 app/assets/2.4.x/raw/protos/EnvoyAdmin.json create mode 100644 app/assets/2.4.x/raw/protos/EnvoyVersion.json create mode 100644 app/assets/2.4.x/raw/protos/ExternalService.json create mode 100644 app/assets/2.4.x/raw/protos/FaultInjection.json create mode 100644 app/assets/2.4.x/raw/protos/FileLoggingBackendConfig.json create mode 100644 app/assets/2.4.x/raw/protos/HealthCheck.json create mode 100644 app/assets/2.4.x/raw/protos/HttpMethod.json create mode 100644 app/assets/2.4.x/raw/protos/KumaDpVersion.json create mode 100644 app/assets/2.4.x/raw/protos/KumaResource.json create mode 100644 app/assets/2.4.x/raw/protos/Logging.json create mode 100644 app/assets/2.4.x/raw/protos/LoggingBackend.json create mode 100644 app/assets/2.4.x/raw/protos/Mesh.json create mode 100644 app/assets/2.4.x/raw/protos/MeshGateway.json create mode 100644 app/assets/2.4.x/raw/protos/MeshGatewayRoute.json create mode 100644 app/assets/2.4.x/raw/protos/MeshInsight.json create mode 100644 app/assets/2.4.x/raw/protos/Message.json create mode 100644 app/assets/2.4.x/raw/protos/Metrics.json create mode 100644 app/assets/2.4.x/raw/protos/MetricsBackend.json create mode 100644 app/assets/2.4.x/raw/protos/Networking.json create mode 100644 app/assets/2.4.x/raw/protos/PrometheusAggregateMetricsConfig.json create mode 100644 app/assets/2.4.x/raw/protos/PrometheusEnvoyConfig.json create mode 100644 
app/assets/2.4.x/raw/protos/PrometheusMetricsBackendConfig.json create mode 100644 app/assets/2.4.x/raw/protos/PrometheusTlsConfig.json create mode 100644 app/assets/2.4.x/raw/protos/ProxyTemplate.json create mode 100644 app/assets/2.4.x/raw/protos/ProxyTemplateProfileSource.json create mode 100644 app/assets/2.4.x/raw/protos/ProxyTemplateRawResource.json create mode 100644 app/assets/2.4.x/raw/protos/ProxyTemplateRawSource.json create mode 100644 app/assets/2.4.x/raw/protos/ProxyTemplateSource.json create mode 100644 app/assets/2.4.x/raw/protos/RateLimit.json create mode 100644 app/assets/2.4.x/raw/protos/Retry.json create mode 100644 app/assets/2.4.x/raw/protos/Routing.json create mode 100644 app/assets/2.4.x/raw/protos/Selector.json create mode 100644 app/assets/2.4.x/raw/protos/ServiceInsight.json create mode 100644 app/assets/2.4.x/raw/protos/StatsRequest.json create mode 100644 app/assets/2.4.x/raw/protos/StatsResponse.json create mode 100644 app/assets/2.4.x/raw/protos/TcpLoggingBackendConfig.json create mode 100644 app/assets/2.4.x/raw/protos/Timeout.json create mode 100644 app/assets/2.4.x/raw/protos/Tracing.json create mode 100644 app/assets/2.4.x/raw/protos/TracingBackend.json create mode 100644 app/assets/2.4.x/raw/protos/TrafficLog.json create mode 100644 app/assets/2.4.x/raw/protos/TrafficPermission.json create mode 100644 app/assets/2.4.x/raw/protos/TrafficRoute.json create mode 100644 app/assets/2.4.x/raw/protos/TrafficTrace.json create mode 100644 app/assets/2.4.x/raw/protos/Version.json create mode 100644 app/assets/2.4.x/raw/protos/VirtualOutbound.json create mode 100644 app/assets/2.4.x/raw/protos/XDSConfigRequest.json create mode 100644 app/assets/2.4.x/raw/protos/XDSConfigResponse.json create mode 100644 app/assets/2.4.x/raw/protos/ZipkinTracingBackendConfig.json create mode 100644 app/assets/2.4.x/raw/protos/ZoneEgress.json create mode 100644 app/assets/2.4.x/raw/protos/ZoneEgressInsight.json create mode 100644 
app/assets/2.4.x/raw/protos/ZoneEgressOverview.json create mode 100644 app/assets/2.4.x/raw/protos/ZoneIngress.json create mode 100644 app/assets/2.4.x/raw/protos/ZoneIngressInsight.json create mode 100644 app/assets/2.4.x/raw/protos/ZoneIngressOverview.json create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_circuitbreakers.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_containerpatches.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_dataplaneinsights.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_dataplanes.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_externalservices.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_faultinjections.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_healthchecks.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshaccesslogs.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshcircuitbreakers.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshes.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshfaultinjections.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshgatewayconfigs.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshgatewayinstances.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshgatewayroutes.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshgateways.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshhealthchecks.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshhttproutes.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshinsights.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshproxypatches.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshratelimits.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshretries.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshtcproutes.yaml create mode 100644 
app/assets/2.5.x/raw/crds/kuma.io_meshtimeouts.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshtraces.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_meshtrafficpermissions.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_proxytemplates.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_ratelimits.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_retries.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_serviceinsights.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_timeouts.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_trafficlogs.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_trafficpermissions.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_trafficroutes.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_traffictraces.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_virtualoutbounds.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_zoneegresses.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_zoneegressinsights.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_zoneingresses.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_zoneingressinsights.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_zoneinsights.yaml create mode 100644 app/assets/2.5.x/raw/crds/kuma.io_zones.yaml create mode 100644 app/assets/2.5.x/raw/helm-values.yaml create mode 100644 app/assets/2.5.x/raw/kuma-cp.yaml create mode 100644 app/assets/2.5.x/raw/protos/CertificateAuthorityBackend.json create mode 100644 app/assets/2.5.x/raw/protos/CircuitBreaker.json create mode 100644 app/assets/2.5.x/raw/protos/ClustersRequest.json create mode 100644 app/assets/2.5.x/raw/protos/ClustersResponse.json create mode 100644 app/assets/2.5.x/raw/protos/DatadogTracingBackendConfig.json create mode 100644 app/assets/2.5.x/raw/protos/Dataplane.json create mode 100644 app/assets/2.5.x/raw/protos/DataplaneInsight.json create mode 100644 
app/assets/2.5.x/raw/protos/DataplaneOverview.json create mode 100644 app/assets/2.5.x/raw/protos/DiscoveryServiceStats.json create mode 100644 app/assets/2.5.x/raw/protos/DiscoverySubscription.json create mode 100644 app/assets/2.5.x/raw/protos/DiscoverySubscriptionStatus.json create mode 100644 app/assets/2.5.x/raw/protos/EnvoyAdmin.json create mode 100644 app/assets/2.5.x/raw/protos/EnvoyVersion.json create mode 100644 app/assets/2.5.x/raw/protos/ExternalService.json create mode 100644 app/assets/2.5.x/raw/protos/FaultInjection.json create mode 100644 app/assets/2.5.x/raw/protos/FileLoggingBackendConfig.json create mode 100644 app/assets/2.5.x/raw/protos/HealthCheck.json create mode 100644 app/assets/2.5.x/raw/protos/HttpMethod.json create mode 100644 app/assets/2.5.x/raw/protos/KumaDpVersion.json create mode 100644 app/assets/2.5.x/raw/protos/KumaResource.json create mode 100644 app/assets/2.5.x/raw/protos/Logging.json create mode 100644 app/assets/2.5.x/raw/protos/LoggingBackend.json create mode 100644 app/assets/2.5.x/raw/protos/Mesh.json create mode 100644 app/assets/2.5.x/raw/protos/MeshGateway.json create mode 100644 app/assets/2.5.x/raw/protos/MeshGatewayRoute.json create mode 100644 app/assets/2.5.x/raw/protos/MeshInsight.json create mode 100644 app/assets/2.5.x/raw/protos/Message.json create mode 100644 app/assets/2.5.x/raw/protos/Metrics.json create mode 100644 app/assets/2.5.x/raw/protos/MetricsBackend.json create mode 100644 app/assets/2.5.x/raw/protos/Networking.json create mode 100644 app/assets/2.5.x/raw/protos/PrometheusAggregateMetricsConfig.json create mode 100644 app/assets/2.5.x/raw/protos/PrometheusEnvoyConfig.json create mode 100644 app/assets/2.5.x/raw/protos/PrometheusMetricsBackendConfig.json create mode 100644 app/assets/2.5.x/raw/protos/PrometheusTlsConfig.json create mode 100644 app/assets/2.5.x/raw/protos/ProxyTemplate.json create mode 100644 app/assets/2.5.x/raw/protos/ProxyTemplateProfileSource.json create mode 100644 
app/assets/2.5.x/raw/protos/ProxyTemplateRawResource.json create mode 100644 app/assets/2.5.x/raw/protos/ProxyTemplateRawSource.json create mode 100644 app/assets/2.5.x/raw/protos/ProxyTemplateSource.json create mode 100644 app/assets/2.5.x/raw/protos/RateLimit.json create mode 100644 app/assets/2.5.x/raw/protos/Retry.json create mode 100644 app/assets/2.5.x/raw/protos/Routing.json create mode 100644 app/assets/2.5.x/raw/protos/Selector.json create mode 100644 app/assets/2.5.x/raw/protos/ServiceInsight.json create mode 100644 app/assets/2.5.x/raw/protos/StatsRequest.json create mode 100644 app/assets/2.5.x/raw/protos/StatsResponse.json create mode 100644 app/assets/2.5.x/raw/protos/TcpLoggingBackendConfig.json create mode 100644 app/assets/2.5.x/raw/protos/Timeout.json create mode 100644 app/assets/2.5.x/raw/protos/Tracing.json create mode 100644 app/assets/2.5.x/raw/protos/TracingBackend.json create mode 100644 app/assets/2.5.x/raw/protos/TrafficLog.json create mode 100644 app/assets/2.5.x/raw/protos/TrafficPermission.json create mode 100644 app/assets/2.5.x/raw/protos/TrafficRoute.json create mode 100644 app/assets/2.5.x/raw/protos/TrafficTrace.json create mode 100644 app/assets/2.5.x/raw/protos/Version.json create mode 100644 app/assets/2.5.x/raw/protos/VirtualOutbound.json create mode 100644 app/assets/2.5.x/raw/protos/XDSConfigRequest.json create mode 100644 app/assets/2.5.x/raw/protos/XDSConfigResponse.json create mode 100644 app/assets/2.5.x/raw/protos/ZipkinTracingBackendConfig.json create mode 100644 app/assets/2.5.x/raw/protos/ZoneEgress.json create mode 100644 app/assets/2.5.x/raw/protos/ZoneEgressInsight.json create mode 100644 app/assets/2.5.x/raw/protos/ZoneEgressOverview.json create mode 100644 app/assets/2.5.x/raw/protos/ZoneHealthCheckRequest.json create mode 100644 app/assets/2.5.x/raw/protos/ZoneHealthCheckResponse.json create mode 100644 app/assets/2.5.x/raw/protos/ZoneIngress.json create mode 100644 
app/assets/2.5.x/raw/protos/ZoneIngressInsight.json create mode 100644 app/assets/2.5.x/raw/protos/ZoneIngressOverview.json create mode 100644 app/assets/dev/raw/crds/kuma.io_circuitbreakers.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_containerpatches.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_dataplaneinsights.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_dataplanes.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_externalservices.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_faultinjections.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_healthchecks.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshaccesslogs.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshcircuitbreakers.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshes.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshfaultinjections.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshgatewayconfigs.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshgatewayinstances.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshgatewayroutes.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshgateways.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshhealthchecks.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshhttproutes.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshinsights.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshloadbalancingstrategies.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshmetrics.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshproxypatches.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshratelimits.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshretries.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshtcproutes.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshtimeouts.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_meshtraces.yaml create mode 
100644 app/assets/dev/raw/crds/kuma.io_meshtrafficpermissions.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_proxytemplates.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_ratelimits.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_retries.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_serviceinsights.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_timeouts.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_trafficlogs.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_trafficpermissions.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_trafficroutes.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_traffictraces.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_virtualoutbounds.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_zoneegresses.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_zoneegressinsights.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_zoneingresses.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_zoneingressinsights.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_zoneinsights.yaml create mode 100644 app/assets/dev/raw/crds/kuma.io_zones.yaml create mode 100644 app/assets/dev/raw/helm-values.yaml create mode 100644 app/assets/dev/raw/kuma-cp.yaml create mode 100644 app/assets/dev/raw/protos/CertificateAuthorityBackend.json create mode 100644 app/assets/dev/raw/protos/CircuitBreaker.json create mode 100644 app/assets/dev/raw/protos/ClustersRequest.json create mode 100644 app/assets/dev/raw/protos/ClustersResponse.json create mode 100644 app/assets/dev/raw/protos/DatadogTracingBackendConfig.json create mode 100644 app/assets/dev/raw/protos/Dataplane.json create mode 100644 app/assets/dev/raw/protos/DataplaneInsight.json create mode 100644 app/assets/dev/raw/protos/DataplaneOverview.json create mode 100644 app/assets/dev/raw/protos/DiscoveryServiceStats.json create mode 100644 app/assets/dev/raw/protos/DiscoverySubscription.json create mode 
100644 app/assets/dev/raw/protos/DiscoverySubscriptionStatus.json create mode 100644 app/assets/dev/raw/protos/EnvoyAdmin.json create mode 100644 app/assets/dev/raw/protos/EnvoyVersion.json create mode 100644 app/assets/dev/raw/protos/ExternalService.json create mode 100644 app/assets/dev/raw/protos/FaultInjection.json create mode 100644 app/assets/dev/raw/protos/FileLoggingBackendConfig.json create mode 100644 app/assets/dev/raw/protos/HealthCheck.json create mode 100644 app/assets/dev/raw/protos/HttpMethod.json create mode 100644 app/assets/dev/raw/protos/KumaDpVersion.json create mode 100644 app/assets/dev/raw/protos/KumaResource.json create mode 100644 app/assets/dev/raw/protos/Logging.json create mode 100644 app/assets/dev/raw/protos/LoggingBackend.json create mode 100644 app/assets/dev/raw/protos/Mesh.json create mode 100644 app/assets/dev/raw/protos/MeshGateway.json create mode 100644 app/assets/dev/raw/protos/MeshGatewayRoute.json create mode 100644 app/assets/dev/raw/protos/MeshInsight.json create mode 100644 app/assets/dev/raw/protos/Message.json create mode 100644 app/assets/dev/raw/protos/Metrics.json create mode 100644 app/assets/dev/raw/protos/MetricsBackend.json create mode 100644 app/assets/dev/raw/protos/Networking.json create mode 100644 app/assets/dev/raw/protos/PrometheusAggregateMetricsConfig.json create mode 100644 app/assets/dev/raw/protos/PrometheusEnvoyConfig.json create mode 100644 app/assets/dev/raw/protos/PrometheusMetricsBackendConfig.json create mode 100644 app/assets/dev/raw/protos/PrometheusTlsConfig.json create mode 100644 app/assets/dev/raw/protos/ProxyTemplate.json create mode 100644 app/assets/dev/raw/protos/ProxyTemplateProfileSource.json create mode 100644 app/assets/dev/raw/protos/ProxyTemplateRawResource.json create mode 100644 app/assets/dev/raw/protos/ProxyTemplateRawSource.json create mode 100644 app/assets/dev/raw/protos/ProxyTemplateSource.json create mode 100644 app/assets/dev/raw/protos/RateLimit.json create mode 
100644 app/assets/dev/raw/protos/Retry.json create mode 100644 app/assets/dev/raw/protos/Routing.json create mode 100644 app/assets/dev/raw/protos/Selector.json create mode 100644 app/assets/dev/raw/protos/ServiceInsight.json create mode 100644 app/assets/dev/raw/protos/StatsRequest.json create mode 100644 app/assets/dev/raw/protos/StatsResponse.json create mode 100644 app/assets/dev/raw/protos/TcpLoggingBackendConfig.json create mode 100644 app/assets/dev/raw/protos/Timeout.json create mode 100644 app/assets/dev/raw/protos/Tracing.json create mode 100644 app/assets/dev/raw/protos/TracingBackend.json create mode 100644 app/assets/dev/raw/protos/TrafficLog.json create mode 100644 app/assets/dev/raw/protos/TrafficPermission.json create mode 100644 app/assets/dev/raw/protos/TrafficRoute.json create mode 100644 app/assets/dev/raw/protos/TrafficTrace.json create mode 100644 app/assets/dev/raw/protos/Version.json create mode 100644 app/assets/dev/raw/protos/VirtualOutbound.json create mode 100644 app/assets/dev/raw/protos/XDSConfigRequest.json create mode 100644 app/assets/dev/raw/protos/XDSConfigResponse.json create mode 100644 app/assets/dev/raw/protos/ZipkinTracingBackendConfig.json create mode 100644 app/assets/dev/raw/protos/ZoneEgress.json create mode 100644 app/assets/dev/raw/protos/ZoneEgressInsight.json create mode 100644 app/assets/dev/raw/protos/ZoneEgressOverview.json create mode 100644 app/assets/dev/raw/protos/ZoneHealthCheckRequest.json create mode 100644 app/assets/dev/raw/protos/ZoneHealthCheckResponse.json create mode 100644 app/assets/dev/raw/protos/ZoneIngress.json create mode 100644 app/assets/dev/raw/protos/ZoneIngressInsight.json create mode 100644 app/assets/dev/raw/protos/ZoneIngressOverview.json create mode 100644 app/assets/raw/CHANGELOG.md create mode 100644 app/assets/raw/UPGRADE.md 
diff --git a/app/assets/2.1.x/raw/crds/kuma.io_circuitbreakers.yaml b/app/assets/2.1.x/raw/crds/kuma.io_circuitbreakers.yaml new file mode 100644 index 000000000..e9d7d0dc7 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_circuitbreakers.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: circuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: CircuitBreaker + listKind: CircuitBreakerList + plural: circuitbreakers + singular: circuitbreaker + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma CircuitBreaker resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_containerpatches.yaml b/app/assets/2.1.x/raw/crds/kuma.io_containerpatches.yaml new file mode 100644 index 000000000..02a01ba9e --- /dev/null 
+++ b/app/assets/2.1.x/raw/crds/kuma.io_containerpatches.yaml 
@@ -0,0 +1,110 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: containerpatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ContainerPatch + listKind: ContainerPatchList + plural: containerpatches + singular: containerpatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ContainerPatch stores a list of patches to apply to init and + sidecar containers. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + type: string + metadata: + type: object + spec: + description: ContainerPatchSpec specifies the options available for a + ContainerPatch + properties: + initPatch: + description: InitPatch specifies jsonpatch to apply to an init container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. 
+ type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + sidecarPatch: + description: SidecarPatch specifies jsonpatch to apply to a sidecar + container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_dataplaneinsights.yaml b/app/assets/2.1.x/raw/crds/kuma.io_dataplaneinsights.yaml new file mode 100644 index 000000000..8d8c47115 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_dataplaneinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: dataplaneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + status: + description: Status is the status the Kuma resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_dataplanes.yaml b/app/assets/2.1.x/raw/crds/kuma.io_dataplanes.yaml new file mode 100644 index 000000000..a375c527d --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_dataplanes.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: dataplanes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Dataplane + listKind: DataplaneList + plural: dataplanes + singular: dataplane + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Dataplane resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_externalservices.yaml b/app/assets/2.1.x/raw/crds/kuma.io_externalservices.yaml new file mode 100644 index 000000000..5c3b082ee --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_externalservices.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: externalservices.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ExternalService + listKind: ExternalServiceList + plural: externalservices + singular: externalservice + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ExternalService resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_faultinjections.yaml b/app/assets/2.1.x/raw/crds/kuma.io_faultinjections.yaml new file mode 100644 index 000000000..d8a927d79 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_faultinjections.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: faultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: FaultInjection + listKind: FaultInjectionList + plural: faultinjections + singular: faultinjection + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma FaultInjection resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_healthchecks.yaml b/app/assets/2.1.x/raw/crds/kuma.io_healthchecks.yaml new file mode 100644 index 000000000..dae84517e --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_healthchecks.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: healthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: HealthCheck + listKind: HealthCheckList + plural: healthchecks + singular: healthcheck + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma HealthCheck resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshaccesslogs.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshaccesslogs.yaml new file mode 100644 index 000000000..d7b1d8519 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshaccesslogs.yaml 
@@ -0,0 +1,281 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + required: + - path + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: object + required: + - address + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. 
The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + required: + - path + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: object + required: + - address + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshcircuitbreakers.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshcircuitbreakers.yaml new file mode 100644 index 000000000..bdb9f29d6 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshcircuitbreakers.yaml 
@@ -0,0 +1,652 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshcircuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshCircuitBreaker + listKind: MeshCircuitBreakerList + plural: meshcircuitbreakers + singular: meshcircuitbreaker + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. 
+ Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. 
This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. 
In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' + properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. 
In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. 
In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. 
Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. 
+ format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' 
+ properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. 
+ format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. 
+ type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshes.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshes.yaml new file mode 100644 index 000000000..65cde9401 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshes.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Mesh + listKind: MeshList + plural: meshes + singular: mesh + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Mesh resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshfaultinjections.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshfaultinjections.yaml new file mode 100644 index 000000000..403d8afa9 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshfaultinjections.yaml 
@@ -0,0 +1,189 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshfaultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshFaultInjection + listKind: MeshFaultInjectionList + plural: meshfaultinjections + singular: meshfaultinjection + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshFaultInjection + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + http: + description: Http allows to define list of Http faults between + dataplanes. + items: + description: FaultInjection defines the configuration + of faults between dataplanes. 
+ properties: + abort: + description: Abort defines a configuration of not + delivering requests to destination service and replacing + the responses from destination dataplane by predefined + status code + properties: + httpStatus: + description: HTTP status code which will be returned + to source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which abort + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: Delay defines configuration of delaying + a response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which delay + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + value: + description: The duration during which the response + will be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: ResponseBandwidth defines a configuration + to limit the speed of responding to the requests + properties: + limit: + description: Limit is represented by value measure + in gbps, mbps, kbps or bps, e.g. 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which response + bandwidth limit will be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshgatewayconfigs.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshgatewayconfigs.yaml new file mode 100644 index 000000000..1b91d0d5a --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshgatewayconfigs.yaml 
@@ -0,0 +1,152 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshgatewayconfigs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayConfig + listKind: MeshGatewayConfigList + plural: meshgatewayconfigs + singular: meshgatewayconfig + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayConfig holds the configuration of a MeshGateway. A + GatewayClass can refer to a MeshGatewayConfig via parametersRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayConfigSpec specifies the options available for + a Kuma MeshGateway. + properties: + crossMesh: + description: CrossMesh specifies whether listeners configured by this + gateway are cross mesh listeners. + type: boolean + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. 
+ properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on a + Service. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. + type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies a set of Kuma tags that are included in + the MeshGatewayInstance and thus propagated to every Dataplane generated + to serve the MeshGateway. These tags should include a maximum of + one `kuma.io/service` tag. + type: object + type: object + status: + description: MeshGatewayConfigStatus holds information about the status + of the gateway instance. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshgatewayinstances.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshgatewayinstances.yaml new file mode 100644 index 000000000..76fd21dfc --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshgatewayinstances.yaml 
@@ -0,0 +1,279 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshgatewayinstances.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayInstance + listKind: MeshGatewayInstanceList + plural: meshgatewayinstances + singular: meshgatewayinstance + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayInstance represents a managed instance of a dataplane + proxy for a Kuma Gateway. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayInstanceSpec specifies the options available for + a GatewayDataplane. + properties: + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. 
\n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on a + Service. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. 
+ properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. + type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies the Kuma tags that are propagated to the + managed dataplane proxies. These tags should include exactly one + `kuma.io/service` tag, and should match exactly one Gateway resource. + type: object + type: object + status: + description: MeshGatewayInstanceStatus holds information about the status + of the gateway instance. + properties: + conditions: + description: Conditions is an array of gateway instance conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. 
If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, + if one is present. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. 
--- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshgatewayroutes.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshgatewayroutes.yaml new file mode 100644 index 000000000..843dec889 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshgatewayroutes.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshgateways.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshgateways.yaml new file mode 100644 index 000000000..73135c196 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshgateways.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshgateways.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGateway + listKind: MeshGatewayList + plural: meshgateways + singular: meshgateway + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGateway resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshhealthchecks.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshhealthchecks.yaml new file mode 100644 index 000000000..4eafcbe76 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshhealthchecks.yaml 
@@ -0,0 +1,303 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshhealthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHealthCheck + listKind: MeshHealthCheckList + plural: meshhealthchecks + singular: meshhealthcheck + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHealthCheck resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + alwaysLogHealthCheckFailures: + description: If set to true, health check failure events + will always be logged. If set to false, only the initial + health check failure event will be logged. The default + value is false. + type: boolean + eventLogPath: + description: Specifies the path to the file where Envoy + can log health check events. If empty, no event log will + be written. + type: string + failTrafficOnPanic: + description: If set to true, Envoy will not consider any + hosts when the cluster is in 'panic mode'. Instead, the + cluster will fail all requests as if all hosts are unhealthy. + This can help avoid potentially overwhelming a failing + service. + type: boolean + grpc: + description: GrpcHealthCheck defines gRPC configuration + which will instruct the service the health check will + be made for is a gRPC service. + properties: + authority: + description: The value of the :authority header in the + gRPC health check request, by default name of the + cluster this health check is associated with + type: string + disabled: + description: If true the GrpcHealthCheck is disabled + type: boolean + serviceName: + description: Service name parameter which will be sent + to gRPC service + type: string + type: object + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: Allows to configure panic threshold for Envoy + cluster. 
If not specified, the default is 50%. To disable + panic mode, set to 0%. Either int or decimal represented + as string. + x-kubernetes-int-or-string: true + healthyThreshold: + default: 1 + description: Number of consecutive healthy checks before + considering a host healthy. + format: int32 + type: integer + http: + description: HttpHealthCheck defines HTTP configuration + which will instruct the service the health check will + be made for is an HTTP service. + properties: + disabled: + description: If true the HttpHealthCheck is disabled + type: boolean + expectedStatuses: + description: List of HTTP response statuses which are + considered healthy + items: + format: int32 + type: integer + type: array + path: + default: / + description: The HTTP path which will be requested during + the health check (ie. /health) + type: string + requestHeadersToAdd: + description: The list of HTTP headers which should be + added to each health check request + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + initialJitter: + description: If specified, Envoy will start health checking + after a random time in ms between 0 and initialJitter. + This only applies to the first health check. + type: string + interval: + default: 1m + description: Interval between consecutive health checks. 
+ type: string + intervalJitter: + description: If specified, during every interval Envoy will + add IntervalJitter to the wait time. + type: string + intervalJitterPercent: + description: If specified, during every interval Envoy will + add IntervalJitter * IntervalJitterPercent / 100 to the + wait time. If IntervalJitter and IntervalJitterPercent + are both set, both of them will be used to increase the + wait time. + format: int32 + type: integer + noTrafficInterval: + description: The "no traffic interval" is a special health + check interval that is used when a cluster has never had + traffic routed to it. This lower interval allows cluster + information to be kept up to date, without sending a potentially + large amount of active health checking traffic for no + reason. Once a cluster has been used for traffic routing, + Envoy will shift back to using the standard health check + interval that is defined. Note that this interval takes + precedence over any other. The default value for "no traffic + interval" is 60 seconds. + type: string + reuseConnection: + description: Reuse health check connection between health + checks. Default is true. + type: boolean + tcp: + description: TcpHealthCheck defines configuration for specifying + bytes to send and expected response during the health + check + properties: + disabled: + description: If true the TcpHealthCheck is disabled + type: boolean + receive: + description: List of Base64 encoded blocks of strings + expected as a response. When checking the response, + "fuzzy" matching is performed such that each block + must be found, and in the order specified, but not + necessarily contiguous. If not provided or empty, + checks will be performed as "connect only" and be + marked as successful when TCP connection is successfully + established. 
+ items: + type: string + type: array + send: + description: Base64 encoded content of the message which + will be sent during the health check to the target + type: string + type: object + timeout: + default: 15s + description: Maximum time to wait for a health check response. + type: string + unhealthyThreshold: + default: 5 + description: Number of consecutive unhealthy checks before + considering a host unhealthy. + format: int32 + type: integer + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshhttproutes.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshhttproutes.yaml new file mode 100644 index 000000000..f9245237c --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshhttproutes.yaml 
@@ -0,0 +1,403 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshhttproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHTTPRoute + listKind: MeshHTTPRouteList + plural: meshhttproutes + singular: meshhttproute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHTTPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To matches destination services of requests and holds + configuration. + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + minimum: 0 + type: integer + type: object + type: array + filters: + items: + properties: + requestHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestRedirect: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. + This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. + \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + port: + description: Port is the port to be used + in the value of the `Location` header + in the response. When empty, port (if + specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + description: StatusCode is the HTTP status + code to be used in response. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + type: object + responseHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestRedirect + - URLRewrite + type: string + urlRewrite: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. + This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. + \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + type: object + required: + - type + type: object + type: array + type: object + matches: + items: + properties: + method: + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + properties: + type: + enum: + - Exact + - Prefix + - RegularExpression + type: string + value: + description: Exact or prefix matches must be + an absolute path. 
A prefix matches only if + separated by a slash or the entire path. + minLength: 1 + type: string + required: + - type + - value + type: object + queryParams: + description: QueryParams matches based on HTTP URL + query parameters. Multiple matches are ANDed together + such that all listed matches must succeed. + items: + properties: + name: + minLength: 1 + type: string + type: + enum: + - Exact + - RegularExpression + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + type: object + type: array + required: + - default + - matches + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of request destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshinsights.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshinsights.yaml new file mode 100644 index 000000000..1581092d5 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshInsight + listKind: MeshInsightList + plural: meshinsights + singular: meshinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshproxypatches.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshproxypatches.yaml new file mode 100644 index 000000000..19478a4b6 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshproxypatches.yaml 
@@ -0,0 +1,343 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshproxypatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshProxyPatch + listKind: MeshProxyPatchList + plural: meshproxypatches + singular: meshproxypatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshProxyPatch resource. + properties: + default: + description: Default is a configuration specific to the group of destinations + referenced in 'targetRef'. + properties: + appendModifications: + description: AppendModifications is a list of modifications applied + on the selected proxy. + items: + properties: + cluster: + description: Cluster is a modification of Envoy's Cluster + resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the cluster to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. 
\n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched cluster. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + httpFilter: + description: HTTPFilter is a modification of Envoy HTTP + Filter available in HTTP Connection Manager in a Listener + resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the HTTP filter. For example + "envoy.filters.http.local_ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. 
prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + listener: + description: Listener is a modification of Envoy's Listener + resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the listener to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." 
+ type: string + tags: + additionalProperties: + type: string + description: Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + networkFilter: + description: NetworkFilter is a modification of Envoy Listener's + filter. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the network filter. For example + "envoy.filters.network.ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. 
+ enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + virtualHost: + description: VirtualHost is a modification of Envoy's VirtualHost + referenced in HTTP Connection Manager in a Listener resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + routeConfigurationName: + description: Name of the RouteConfiguration resource + to match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + required: + - appendModifications + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. 
The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - default + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshratelimits.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshratelimits.yaml new file mode 100644 index 000000000..99b92ea73 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshratelimits.yaml 
@@ -0,0 +1,227 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRateLimit + listKind: MeshRateLimitList + plural: meshratelimits + singular: meshratelimit + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + local: + description: LocalConf defines local http or/and tcp rate + limit configuration + properties: + http: + description: LocalHTTP defines confguration of local + HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. 
+ type: boolean + onRateLimit: + description: Describes the actions to take on a + rate limit event + properties: + headers: + description: The Headers to be added to the + HTTP response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: The HTTP status code to be set + on a rate limit event + format: int32 + type: integer + type: object + requestRate: + description: Defines how many requests are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: LocalTCP defines confguration of local + TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: Defines how many connections are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: 'Define if rate limiting should be + disabled. Default: false' + type: boolean + type: object + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true 
diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshretries.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshretries.yaml
new file mode 100644
index 000000000..9f8d950f0
--- /dev/null
+++ b/app/assets/2.1.x/raw/crds/kuma.io_meshretries.yaml
@@ -0,0 +1,362 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshretries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRetry + listKind: MeshRetryList + plural: meshretries + singular: meshretry + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + grpc: + description: GRPC defines a configuration of retries for + GRPC traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries. + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests. + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. + type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. 
If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [Canceled, + DeadlineExceeded, Internal, ResourceExhausted, Unavailable].' + items: + type: string + type: array + type: object + http: + description: HTTP defines a configuration of retries for + HTTP traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. 
+ type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: RetriableRequestHeaders is an HTTP headers + which must be present in the request for retries to + be attempted. + items: + description: HTTPHeaderMatch describes how to select + a HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + - value + type: object + type: array + retriableResponseHeaders: + description: RetriableResponseHeaders is an HTTP response + headers that trigger a retry if present in the response. + A retry will be triggered if any of the header matches + match the upstream response headers. 
+ items: + description: HTTPHeaderMatch describes how to select + a HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + - value + type: object + type: array + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [5XX, GatewayError, + Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, + RefusedStream, Http3PostConnectFailure, HttpMethodConnect, + HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions, + HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + Also, any HTTP status code (500, 503, etc).' + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for + TCP traffic + properties: + maxConnectAttempt: + description: MaxConnectAttempt is a maximal amount of + TCP connection attempts which will be made before + giving up + format: int32 + type: integer + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshtimeouts.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshtimeouts.yaml new file mode 100644 index 000000000..da628f22e --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshtimeouts.yaml 
@@ -0,0 +1,243 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshtimeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTimeout + listKind: MeshTimeoutList + plural: meshtimeouts + singular: meshtimeout + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. 
Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. 
+ type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshtraces.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshtraces.yaml new file mode 100644 index 000000000..69fbf29e5 --- /dev/null 
+++ b/app/assets/2.1.x/raw/crds/kuma.io_meshtraces.yaml 
@@ -0,0 +1,201 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshtraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrace + listKind: MeshTraceList + plural: meshtraces + singular: meshtrace + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrace resource. + properties: + default: + description: MeshTrace configuration. + properties: + backends: + description: A one element array of backend definition. Envoy + allows configuring only 1 backend, so the natural way of representing + that would be just one object. Unfortunately due to the reasons + explained in MADR 009-tracing-policy this has to be a one element + array for now. + items: + description: Only one of zipkin or datadog can be used. + properties: + datadog: + description: Datadog backend configuration. + properties: + splitService: + description: 'Determines if datadog service name should + be split based on traffic direction and destination. 
+ For example, with `splitService: true` and a `backend` + service that communicates with a couple of databases, + you would get service names like `backend_INBOUND`, + `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` + in Datadog. Default: false' + type: boolean + url: + description: Address of Datadog collector, only host + and port are allowed (no paths, fragments etc.) + type: string + required: + - url + type: object + zipkin: + description: Zipkin backend configuration. + properties: + apiVersion: + default: httpJson + description: 'Version of the API. values: httpJson, + httpProto. Default: httpJson see https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66' + enum: + - httpJson + - httpProto + type: string + sharedSpanContext: + description: 'Determines whether client and server spans + will share the same span context. Default: true. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63' + type: boolean + traceId128bit: + description: 'Generate 128bit traces. Default: false' + type: boolean + url: + description: Address of Zipkin collector. + type: string + required: + - url + type: object + type: object + type: array + sampling: + description: Sampling configuration. Sampling is the process by + which a decision is made on whether to process/export a span + or not. + properties: + client: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests that will be force + traced if the ''x-client-trace-id'' header is set. Default: + 100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + Either int or decimal represented as string.' 
+ x-kubernetes-int-or-string: true + overall: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests will be traced + after all other sampling checks have been applied (client, + force tracing, random sampling). This field functions as + an upper limit on the total configured sampling rate. For + instance, setting client_sampling to 100% but overall_sampling + to 1% will result in only 1% of client requests with the + appropriate headers to be force traced. Default: 100% Mirror + of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + random: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests that will be randomly + selected for trace generation, if not requested by the client + or not forced. Default: 100% Mirror of random_sampling in + Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + tags: + description: Custom tags configuration. You can add custom tags + to traces based on headers or literal values. + items: + description: Custom tags configuration. Only one of literal + or header can be used. + properties: + header: + description: Tag taken from a header. + properties: + default: + description: Default value to use if header is missing. + If the default is missing and there is no value the + tag will not be included. + type: string + name: + description: Name of the header. + type: string + required: + - name + type: object + literal: + description: Tag taken from literal value. + type: string + name: + description: Name of the tag. 
+ type: string + required: + - name + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_meshtrafficpermissions.yaml b/app/assets/2.1.x/raw/crds/kuma.io_meshtrafficpermissions.yaml new file mode 100644 index 000000000..02f3882e4 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_meshtrafficpermissions.yaml 
@@ -0,0 +1,125 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshtrafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrafficPermission + listKind: MeshTrafficPermissionList + plural: meshtrafficpermissions + singular: meshtrafficpermission + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrafficPermission + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + action: + description: 'Action defines a behavior for the specified + group of clients:' + enum: + - Allow + - Deny + - AllowWithShadowDeny + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_proxytemplates.yaml b/app/assets/2.1.x/raw/crds/kuma.io_proxytemplates.yaml new file mode 100644 index 000000000..2aeae6078 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_proxytemplates.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: proxytemplates.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ProxyTemplate + listKind: ProxyTemplateList + plural: proxytemplates + singular: proxytemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ProxyTemplate resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_ratelimits.yaml b/app/assets/2.1.x/raw/crds/kuma.io_ratelimits.yaml new file mode 100644 index 000000000..7c50a9dd1 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_ratelimits.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: ratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: RateLimit + listKind: RateLimitList + plural: ratelimits + singular: ratelimit + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma RateLimit resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_retries.yaml b/app/assets/2.1.x/raw/crds/kuma.io_retries.yaml new file mode 100644 index 000000000..e2b50cc9f --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_retries.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: retries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Retry + listKind: RetryList + plural: retries + singular: retry + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Retry resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_serviceinsights.yaml b/app/assets/2.1.x/raw/crds/kuma.io_serviceinsights.yaml new file mode 100644 index 000000000..ba266b6ff --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_serviceinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: serviceinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ServiceInsight + listKind: ServiceInsightList + plural: serviceinsights + singular: serviceinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ServiceInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_timeouts.yaml b/app/assets/2.1.x/raw/crds/kuma.io_timeouts.yaml new file mode 100644 index 000000000..268eec1e4 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_timeouts.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: timeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Timeout + listKind: TimeoutList + plural: timeouts + singular: timeout + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Timeout resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_trafficlogs.yaml b/app/assets/2.1.x/raw/crds/kuma.io_trafficlogs.yaml new file mode 100644 index 000000000..50a7c23b9 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_trafficlogs.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: trafficlogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficLog + listKind: TrafficLogList + plural: trafficlogs + singular: trafficlog + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficLog resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_trafficpermissions.yaml b/app/assets/2.1.x/raw/crds/kuma.io_trafficpermissions.yaml new file mode 100644 index 000000000..74e9ac557 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_trafficpermissions.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: trafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_trafficroutes.yaml b/app/assets/2.1.x/raw/crds/kuma.io_trafficroutes.yaml new file mode 100644 index 000000000..5f539139f --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_trafficroutes.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: trafficroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficRoute + listKind: TrafficRouteList + plural: trafficroutes + singular: trafficroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_traffictraces.yaml b/app/assets/2.1.x/raw/crds/kuma.io_traffictraces.yaml new file mode 100644 index 000000000..8c09731c0 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_traffictraces.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: traffictraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficTrace + listKind: TrafficTraceList + plural: traffictraces + singular: traffictrace + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficTrace resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_virtualoutbounds.yaml b/app/assets/2.1.x/raw/crds/kuma.io_virtualoutbounds.yaml new file mode 100644 index 000000000..241a24648 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_virtualoutbounds.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: virtualoutbounds.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: VirtualOutbound + listKind: VirtualOutboundList + plural: virtualoutbounds + singular: virtualoutbound + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma VirtualOutbound resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_zoneegresses.yaml b/app/assets/2.1.x/raw/crds/kuma.io_zoneegresses.yaml new file mode 100644 index 000000000..38eb83ee1 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_zoneegresses.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: zoneegresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgress + listKind: ZoneEgressList + plural: zoneegresses + singular: zoneegress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_zoneegressinsights.yaml b/app/assets/2.1.x/raw/crds/kuma.io_zoneegressinsights.yaml new file mode 100644 index 000000000..76c36f737 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_zoneegressinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: zoneegressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgressInsight + listKind: ZoneEgressInsightList + plural: zoneegressinsights + singular: zoneegressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgressInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_zoneingresses.yaml b/app/assets/2.1.x/raw/crds/kuma.io_zoneingresses.yaml new file mode 100644 index 000000000..41b2928e6 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_zoneingresses.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: zoneingresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngress + listKind: ZoneIngressList + plural: zoneingresses + singular: zoneingress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_zoneingressinsights.yaml b/app/assets/2.1.x/raw/crds/kuma.io_zoneingressinsights.yaml new file mode 100644 index 000000000..1898e0aec --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_zoneingressinsights.yaml 
@@ -0,0 +1,46 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: zoneingressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngressInsight + listKind: ZoneIngressInsightList + plural: zoneingressinsights + singular: zoneingressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngressInsight + resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_zoneinsights.yaml b/app/assets/2.1.x/raw/crds/kuma.io_zoneinsights.yaml new file mode 100644 index 000000000..9d5237d86 --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_zoneinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: zoneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneInsight + listKind: ZoneInsightList + plural: zoneinsights + singular: zoneinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/crds/kuma.io_zones.yaml b/app/assets/2.1.x/raw/crds/kuma.io_zones.yaml new file mode 100644 index 000000000..40970ab6a --- /dev/null +++ b/app/assets/2.1.x/raw/crds/kuma.io_zones.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: zones.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Zone + listKind: ZoneList + plural: zones + singular: zone + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Zone resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.1.x/raw/helm-values.yaml b/app/assets/2.1.x/raw/helm-values.yaml new file mode 100644 index 000000000..b1fe2e8a0 --- /dev/null +++ b/app/assets/2.1.x/raw/helm-values.yaml 
@@ -0,0 +1,718 @@ +global: + image: + # -- Default registry for all Kuma Images + registry: "docker.io/kumahq" + # -- The default tag for all Kuma images, which itself defaults to .Chart.AppVersion + tag: + # -- Add `imagePullSecrets` to all the service accounts used for Kuma components + imagePullSecrets: [] + +# -- Whether to patch the target namespace with the system label +patchSystemNamespace: true + +installCrdsOnUpgrade: + # -- Whether install new CRDs before upgrade (if any were introduced with the new version of Kuma) + enabled: true + # -- The `imagePullSecrets` to attach to the Service Account running CRD installation. + # This field will be deprecated in a future release, please use .global.imagePullSecrets + imagePullSecrets: [] + +# -- Whether to disable all helm hooks +noHelmHooks: false + +controlPlane: + # -- Labels to add to resources in addition to default labels + extraLabels: {} + + # -- Kuma CP log level: one of off,info,debug + logLevel: "info" + + # -- Kuma CP modes: one of standalone,zone,global + mode: "standalone" + + # -- (string) Kuma CP zone, if running multizone + zone: + + # -- Only used in `zone` mode + kdsGlobalAddress: "" + + # -- Number of replicas of the Kuma CP. 
Ignored when autoscaling is enabled + replicas: 1 + + # -- Control Plane Pod Annotations + podAnnotations: {} + + # Horizontal Pod Autoscaling configuration + autoscaling: + # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster + enabled: false + + # -- The minimum CP pods to allow + minReplicas: 2 + # -- The max CP pods to scale to + maxReplicas: 5 + + # -- For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used + targetCPUUtilizationPercentage: 80 + # -- For clusters that do support autoscaling/v2beta, use metrics + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + + # -- Node selector for the Kuma Control Plane pods + nodeSelector: + kubernetes.io/os: linux + + # -- Tolerations for the Kuma Control Plane pods + tolerations: [] + + podDisruptionBudget: + # -- Whether to create a pod disruption budget + enabled: false + # -- The maximum number of unavailable pods allowed by the budget + maxUnavailable: 1 + + # -- Affinity placement rule for the Kuma Control Plane pods. + # This is rendered as a template, so you can reference other helm variables or includes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + # These match the selector labels used on the deployment. + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - '{{ include "kuma.name" . }}' + - key: app.kubernetes.io/instance + operator: In + values: + - '{{ .Release.Name }}' + - key: app + operator: In + values: + - '{{ include "kuma.name" . }}-control-plane' + topologyKey: kubernetes.io/hostname + + # -- Topology spread constraints rule for the Kuma Control Plane pods. + # This is rendered as a template, so you can use variables to generate match labels. 
+ topologySpreadConstraints: + + # -- Failure policy of the mutating webhook implemented by the Kuma Injector component + injectorFailurePolicy: Fail + + service: + # -- Whether to create a service resource. + enabled: true + + # -- (string) Optionally override of the Kuma Control Plane Service's name + name: + + # -- Service type of the Kuma Control Plane + type: ClusterIP + + # -- Additional annotations to put on the Kuma Control Plane + annotations: { } + + # Kuma API and GUI ingress settings. Useful if you want to expose the + # API and GUI of Kuma outside the k8s cluster. + ingress: + # -- Install K8s Ingress resource that exposes GUI and API + enabled: false + # -- IngressClass defines which controller will implement the resource + ingressClassName: + # -- Ingress hostname + hostname: + # -- Map of ingress annotations. + annotations: {} + # -- Ingress path. + path: / + # -- Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) + pathType: ImplementationSpecific + + globalZoneSyncService: + # -- Whether to create a k8s service for the global zone sync + # service. It will only be created when enabled and deploying the global + # control plane. + enabled: true + # -- Service type of the Global-zone sync + type: LoadBalancer + # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer + loadBalancerIP: + # -- Additional annotations to put on the Global Zone Sync Service + annotations: { } + # -- Port on which Global Zone Sync Service is exposed + port: 5685 + + defaults: + # -- Whether to skip creating the default Mesh + skipMeshCreation: false + + # -- Whether to automountServiceAccountToken for cp. 
Optionally set to false + automountServiceAccountToken: true + + # -- Optionally override the resource spec + # @default -- the resources will be chosen based on the mode + resources: + requests: + # cpu: 100m + # memory: 256Mi + limits: + # cpu: 250m + # memory: 512Mi + + # -- Pod lifecycle settings (useful for adding a preStop hook, when + # using AWS ALB or NLB) + lifecycle: {} + + # -- Number of seconds to wait before force killing the pod. Make sure to + # update this if you add a preStop hook. + terminationGracePeriodSeconds: 30 + + # TLS for various servers + tls: + general: + # -- Secret that contains tls.crt, tls.key [and ca.crt when no + # controlPlane.tls.general.caSecretName specified] for protecting + # Kuma in-cluster communication + secretName: "" + # -- Secret that contains ca.crt that was used to sign cert for protecting + # Kuma in-cluster communication (ca.crt present in this secret + # have precedence over the one provided in the controlPlane.tls.general.secretName) + caSecretName: "" + # -- Base64 encoded CA certificate (the same as in controlPlane.tls.general.secret#ca.crt) + caBundle: "" + apiServer: + # -- Secret that contains tls.crt, tls.key for protecting Kuma API on HTTPS + secretName: "" + # -- Secret that contains list of .pem certificates that can access admin endpoints of Kuma API on HTTPS + clientCertsSecretName: "" + # - if not creating the global control plane, then do nothing + # - if secretName is empty and create is false, then do nothing + # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName + # - if secretName is empty and create is true, then create a secret with a default name and use it + # - if secretName is non-empty and create is true, then create the secret using the provided name + kdsGlobalServer: + # -- Name of the K8s TLS Secret resource. If you set this and don't set + # create=true, you have to create the secret manually. 
+ secretName: "" + # -- Whether to create the TLS secret in helm. + create: false + # -- The TLS certificate to offer. + cert: "" + # -- The TLS key to use. + key: "" + # - if not creating the zonal control plane, then do nothing + # - if secretName is empty and create is false, then do nothing + # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName + # - if secretName is empty and create is true, then create a secret with a default name and use it + # - if secretName is non-empty and create is true, then create the secret using the provided name + kdsZoneClient: + # -- Name of the K8s Secret resource that contains ca.crt which was + # used to sign the certificate of KDS Global Server. If you set this + # and don't set create=true, you have to create the secret manually. + secretName: "" + # -- Whether to create the TLS secret in helm. + create: false + # -- CA bundle that was used to sign the certificate of KDS Global Server. + cert: "" + + image: + # -- Kuma CP ImagePullPolicy + pullPolicy: IfNotPresent + # -- Kuma CP image repository + repository: "kuma-cp" + # -- Kuma CP Image tag. 
When not specified, the value is copied from global.tag + tag: + + # -- (list of { Env: string, Secret: string, Key: string }) Secrets to add as environment variables, + # where `Env` is the name of the env variable, + # `Secret` is the name of the Secret, + # and `Key` is the key of the Secret value to use + secrets: + + # -- Additional environment variables that will be passed to the control plane + envVars: { } + + # -- Additional config maps to mount into the control plane, with optional inline values + extraConfigMaps: [ ] +# - name: extra-config +# mountPath: /etc/extra-config +# readOnly: true +# values: +# extra-config-key: | +# extra-config-value + + # -- Additional secrets to mount into the control plane + extraSecrets: [ ] +# - name: extra-config +# mountPath: /etc/extra-config +# readOnly: true + + webhooks: + validator: + # -- Additional rules to apply on Kuma validator webhook. Useful when building custom policy on top of Kuma. + additionalRules: "" + ownerReference: + # -- Additional rules to apply on Kuma owner reference webhook. Useful when building custom policy on top of Kuma. + additionalRules: "" + + # -- Specifies if the deployment should be started in hostNetwork mode. + hostNetwork: false + + # -- Security context at the pod level for control plane. + podSecurityContext: {} +# # The values below are examples. More values can be added as needed, since the field resolves as free form. +# # -- Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. +# runAsNonRoot: true +# # -- The UID to run the entrypoint of the container process. +# runAsUser: 1000 +# # -- The GID to run the entrypoint of the container process. 
+# runAsGroup: 3000 +# # -- A special supplemental group that applies to all containers in a pod +# fsGroup: 2000 +# fsGroupChangePolicy: +# # to support additional pod level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core + + # -- Security context at the container level for control plane. + containerSecurityContext: {} #for overlapping securityContext between pod and container, the container's value take precedence +# # The values below are examples. More values can be added as needed, since the field resolves as free form. +# # -- Controls whether a process can gain more privileges than its parent process. +# allowPrivilegeEscalation: false +# # -- The capabilities to add/drop when running containers +# capabilities: +# drop: +# - all +# # -- Whether this container has a read-only root filesystem. +# readOnlyRootFilesystem: true +# # -- Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. +# privileged: false +# # -- Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. +# runAsNonRoot: true +# # -- The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. +# runAsUser: 1000 +# # -- The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. 
+# runAsGroup: 3000 +# #to support additional container level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core + +cni: + # -- Install Kuma with CNI instead of proxy init container + enabled: false + # -- Install CNI in chained mode + chained: false + # -- Set the CNI install directory + netDir: /etc/cni/multus/net.d + # -- Set the CNI bin directory + binDir: /var/lib/cni/bin + # -- Set the CNI configuration name + confName: kuma-cni.conf + # -- CNI log level: one of off,info,debug + logLevel: info + # -- Node Selector for the CNI pods + nodeSelector: + kubernetes.io/os: linux + # -- Tolerations for the CNI pods + tolerations: [] + # -- Additional pod annotations + podAnnotations: { } + + image: + # -- CNI image registry + registry: "docker.io/kumahq" + # -- CNI image repository + repository: "install-cni" + # -- CNI image tag + tag: "0.0.10" + # -- CNI image pull policy + imagePullPolicy: IfNotPresent + + # -- it's only useful in tests to trigger a possible race condition + delayStartupSeconds: 0 + + # -- use new CNI image (experimental) + experimental: + image: + # -- CNI experimental image repository + repository: "kuma-cni" + # -- CNI experimental image tag - defaults to .Chart.AppVersion + tag: + + imageEbpf: + # -- CNI experimental eBPF image registry + registry: "docker.io/kumahq" + # -- CNI experimental eBPF image repository + repository: "merbridge" + # -- CNI experimental eBPF image tag + tag: "0.8.5" + + # -- Security context at the pod level for cni + podSecurityContext: {} +# # The values below are examples. More values can be added as needed, since the field resolves as free form. 
+# runAsNonRoot: true +# runAsUser: 1000 +# runAsGroup: 3000 +# fsGroup: 2000 +# fsGroupChangePolicy: +# # to support additional pod level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core + + # -- Security context at the container level for cni + containerSecurityContext: {} # for overlapping securityContext between pod and container, the container's value take precedence +# # The values below are examples. More values can be added as needed, since the field resolves as free form. +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - all +# readOnlyRootFilesystem: true +# privileged: false +# runAsNonRoot: true +# runAsUser: 1000 +# runAsGroup: 3000 +# # to support additional container level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core + +dataPlane: + image: + # -- The Kuma DP image repository + repository: "kuma-dp" + # -- Kuma DP ImagePullPolicy + pullPolicy: IfNotPresent + # -- Kuma DP Image Tag. When not specified, the value is copied from global.tag + tag: + + initImage: + # -- The Kuma DP init image repository + repository: "kuma-init" + # -- Kuma DP init image tag When not specified, the value is copied from global.tag + tag: + +ingress: + # -- If true, it deploys Ingress for cross cluster communication + enabled: false + + # -- Labels to add to resources, in addition to default labels + extraLabels: {} + + # -- Time for which old listener will still be active as draining + drainTime: 30s + + # -- Number of replicas of the Ingress. Ignored when autoscaling is enabled. 
+ replicas: 1 + + # -- Define the resources to allocate to mesh ingress + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 1000m + memory: 512Mi + + # -- Pod lifecycle settings (useful for adding a preStop hook, when + # using AWS ALB or NLB) + lifecycle: {} + + # -- Number of seconds to wait before force killing the pod. Make sure to + # update this if you add a preStop hook. + terminationGracePeriodSeconds: 30 + + # Horizontal Pod Autoscaling configuration + autoscaling: + # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster + enabled: false + + # -- The minimum CP pods to allow + minReplicas: 2 + # -- The max CP pods to scale to + maxReplicas: 5 + + # -- For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used + targetCPUUtilizationPercentage: 80 + # -- For clusters that do support autoscaling/v2beta, use metrics + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + + service: + # -- Whether to create a Service resource. 
+ enabled: true + # -- Service type of the Ingress + type: LoadBalancer + # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer + loadBalancerIP: + # -- Additional annotations to put on the Ingress service + annotations: { } + # -- Port on which Ingress is exposed + port: 10001 + # -- Port on which service is exposed on Node for service of type NodePort + nodePort: + # -- Additional pod annotations (deprecated favor `podAnnotations`) + annotations: { } + # -- Additional pod annotations + podAnnotations: { } + # -- Node Selector for the Ingress pods + nodeSelector: + kubernetes.io/os: linux + # -- Tolerations for the Ingress pods + tolerations: [] + podDisruptionBudget: + # -- Whether to create a pod disruption budget + enabled: false + # -- The maximum number of unavailable pods allowed by the budget + maxUnavailable: 1 + + # -- Affinity placement rule for the Kuma Ingress pods + # This is rendered as a template, so you can reference other helm variables + # or includes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + # These match the selector labels used on the deployment. + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - '{{ include "kuma.name" . }}' + - key: app.kubernetes.io/instance + operator: In + values: + - '{{ .Release.Name }}' + - key: app + operator: In + values: + - kuma-ingress + topologyKey: kubernetes.io/hostname + + # -- Topology spread constraints rule for the Kuma Mesh Ingress pods. + # This is rendered as a template, so you can use variables to generate match labels. + topologySpreadConstraints: + + # -- Security context at the pod level for ingress + podSecurityContext: {} +# # The values below are examples. More values can be added as needed, since the field resolves as free form. 
+# runAsNonRoot: true +# runAsUser: 1000 +# runAsGroup: 3000 +# fsGroup: 2000 +# fsGroupChangePolicy: +# # to support additional pod level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core + + # -- Security context at the container level for ingress + containerSecurityContext: {} # for overlapping securityContext between pod and container, the container's value take precedence +# # The values below are examples. More values can be added as needed, since the field resolves as free form. +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - all +# readOnlyRootFilesystem: true +# privileged: false +# runAsNonRoot: true +# runAsUser: 1000 +# runAsGroup: 3000 +# # to support additional container level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core + +egress: + # -- If true, it deploys Egress for cross cluster communication + enabled: false + # -- Labels to add to resources, in addition to the default labels. + extraLabels: {} + # -- Time for which old listener will still be active as draining + drainTime: 30s + # -- Number of replicas of the Egress. Ignored when autoscaling is enabled. 
+ replicas: 1
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2beta, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+
+ service:
+ # -- Whether to create the service object
+ enabled: true
+ # -- Service type of the Egress
+ type: ClusterIP
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Additional annotations to put on the Egress service
+ annotations: { }
+ # -- Port on which Egress is exposed
+ port: 10002
+ # -- Port on which service is exposed on Node for service of type NodePort
+ nodePort:
+ # -- Additional pod annotations (deprecated favor `podAnnotations`)
+ annotations: { }
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Node Selector for the Egress pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the Egress pods
+ tolerations: []
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Egress pods.
+ # This is rendered as a template, so you can reference other helm variables or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - kuma-egress
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Egress pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Security context at the pod level for egress
+ podSecurityContext: {}
+# # The values below are examples. More values can be added as needed, since the field resolves as free form.
+# runAsNonRoot: true
+# runAsUser: 1000
+# runAsGroup: 3000
+# fsGroup: 2000
+# fsGroupChangePolicy:
+# # to support additional pod level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core
+
+ # -- Security context at the container level for egress
+ containerSecurityContext: {} # for overlapping securityContext between pod and container, the container's value take precedence
+# # The values below are examples. More values can be added as needed, since the field resolves as free form.
+# allowPrivilegeEscalation: false
+# capabilities:
+# drop:
+# - all
+# readOnlyRootFilesystem: true
+# privileged: false
+# runAsNonRoot: true
+# runAsUser: 1000
+# runAsGroup: 3000
+# # to support additional container level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core
+
+kumactl:
+ image:
+ # -- The kumactl image repository
+ repository: kumactl
+ # -- The kumactl image tag.
When not specified, the value is copied from global.tag
+ tag:
+
+kubectl:
+ # kuma image that support v1.20.15 image */ } }
+ # see: https://hub.docker.com/r/kumahq/kubectl */ } }
+ image:
+ # -- The kubectl image registry
+ registry: kumahq
+ # -- The kubectl image repository
+ repository: kubectl
+ # -- The kubectl image tag
+ tag: "v1.20.15"
+hooks:
+ # -- Node selector for the HELM hooks
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the HELM hooks
+ tolerations: []
+ # -- Security context at the pod level for crd/webhook/ns
+ podSecurityContext: {}
+# # The values below are examples. More values can be added as needed, since the field resolves as free form.
+# runAsNonRoot: true
+# runAsUser: 1000
+# runAsGroup: 3000
+# fsGroup: 2000
+# fsGroupChangePolicy:
+# # to support additional pod level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core
+
+ # -- Security context at the container level for crd/webhook/ns
+ containerSecurityContext: {} # for overlapping securityContext between pod and container, the container's value take precedence
+# # The values below are examples. More values can be added as needed, since the field resolves as free form.
+# allowPrivilegeEscalation: false
+# capabilities:
+# drop:
+# - all
+# readOnlyRootFilesystem: true
+# privileged: false
+# runAsNonRoot: true
+# runAsUser: 1000
+# runAsGroup: 3000
+# # to support additional container level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core
+
+experimental:
+ # -- If true, it installs experimental Gateway API support
+ gatewayAPI: false
+ # -- If true, it installs experimental new version of the CNI
+ cni: false
+ # -- If true, use the new transparent proxy engine
+ transparentProxy: false
+ # Configuration for the experimental ebpf mode for transparent proxy
+ ebpf:
+ # -- If true, ebpf will be used instead of using iptables to install/configure transparent proxy
+ enabled: false
+ # -- Name of the environmental variable which will contain the IP address of a pod
+ instanceIPEnvVarName: INSTANCE_IP
+ # -- Path where BPF file system should be mounted
+ bpffsPath: /sys/fs/bpf
+ # -- Host's cgroup2 path
+ cgroupPath: /sys/fs/cgroup
+ # -- Name of the network interface which TC programs should be attached to, we'll try to automatically determine it if empty
+ tcAttachIface: ""
+ # -- Path where compiled eBPF programs which will be installed can be found
+ programsSourcePath: /kuma/ebpf
+
+# @ignored for helm-docs
+plugins:
+ policies:
+ meshaccesslogs: {}
+ meshcircuitbreakers: {}
+ meshfaultinjections: {}
+ meshhealthchecks: {}
+ meshhttproutes: {}
+ meshproxypatches: {}
+ meshratelimits: {}
+ meshretries: {}
+ meshtimeouts: {}
+ meshtraces: {}
+ meshtrafficpermissions: {}
diff --git a/app/assets/2.1.x/raw/kuma-cp.yaml b/app/assets/2.1.x/raw/kuma-cp.yaml
new file mode 100644
index 000000000..5413d15ee
--- /dev/null
+++ b/app/assets/2.1.x/raw/kuma-cp.yaml
@@ -0,0 +1,577 @@
+# Environment type. Available values are: "kubernetes" or "universal"
+environment: universal # ENV: KUMA_ENVIRONMENT
+# Mode in which Kuma CP is running. Available values are: "standalone", "global", "zone"
+mode: standalone # ENV: KUMA_MODE
+
+# Resource Store configuration
+store:
+ # Type of Store used in the Control Plane. Available values are: "kubernetes", "postgres" or "memory"
+ type: memory # ENV: KUMA_STORE_TYPE
+
+ # Kubernetes Store configuration (used when store.type=kubernetes)
+ kubernetes:
+ # Namespace where Control Plane is installed to.
+ systemNamespace: kuma-system # ENV: KUMA_STORE_KUBERNETES_SYSTEM_NAMESPACE
+
+ # Postgres Store configuration (used when store.type=postgres)
+ postgres:
+ # Host of the Postgres DB
+ host: 127.0.0.1 # ENV: KUMA_STORE_POSTGRES_HOST
+ # Port of the Postgres DB
+ port: 15432 # ENV: KUMA_STORE_POSTGRES_PORT
+ # User of the Postgres DB
+ user: kuma # ENV: KUMA_STORE_POSTGRES_USER
+ # Password of the Postgres DB
+ password: kuma # ENV: KUMA_STORE_POSTGRES_PASSWORD
+ # Database name of the Postgres DB
+ dbName: kuma # ENV: KUMA_STORE_POSTGRES_DB_NAME
+ # Connection Timeout to the DB in seconds
+ connectionTimeout: 5 # ENV: KUMA_STORE_POSTGRES_CONNECTION_TIMEOUT
+ # Maximum number of open connections to the database
+ # `0` value means number of open connections is unlimited
+ maxOpenConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_OPEN_CONNECTIONS
+ # Maximum number of connections in the idle connection pool
+ # <0 value means no idle connections and 0 means default max idle connections
+ maxIdleConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_IDLE_CONNECTIONS
+ # TLS settings
+ tls:
+ # Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull"
+ mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE
+ # Path to TLS Certificate of the client. Used in verifyCa and verifyFull modes
+ certPath: # ENV: KUMA_STORE_POSTGRES_TLS_CERT_PATH
+ # Path to TLS Key of the client.
Used in verifyCa and verifyFull modes
+ keyPath: # ENV: KUMA_STORE_POSTGRES_TLS_KEY_PATH
+ # Path to the root certificate. Used in verifyCa and verifyFull modes.
+ caPath: # ENV: KUMA_STORE_POSTGRES_TLS_ROOT_CERT_PATH
+ # MinReconnectInterval controls the duration to wait before trying to
+ # re-establish the database connection after connection loss. After each
+ # consecutive failure this interval is doubled, until MaxReconnectInterval
+ # is reached. Successfully completing the connection establishment procedure
+ # resets the interval back to MinReconnectInterval.
+ minReconnectInterval: "10s" # ENV: KUMA_STORE_POSTGRES_MIN_RECONNECT_INTERVAL
+ # MaxReconnectInterval controls the maximum possible duration to wait before trying
+ # to re-establish the database connection after connection loss.
+ maxReconnectInterval: "60s" # ENV: KUMA_STORE_POSTGRES_MAX_RECONNECT_INTERVAL
+
+ # Cache for read only operations. This cache is local to the instance of the control plane.
+ cache:
+ # If true then cache is enabled
+ enabled: true # ENV: KUMA_STORE_CACHE_ENABLED
+ # Expiration time for elements in cache.
+ expirationTime: 1s # ENV: KUMA_STORE_CACHE_EXPIRATION_TIME
+
+ # Upsert (get and update) configuration
+ upsert:
+ # Base time for exponential backoff on upsert operations when retry is enabled
+ conflictRetryBaseBackoff: 100ms # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_BASE_BACKOFF
+ # Max retries on upsert (get and update) operation when retry is enabled
+ conflictRetryMaxTimes: 5 # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_MAX_TIMES
+
+ # If true, skips validation of resource delete.
+ # For example you don't have to delete all Dataplane objects before you delete a Mesh
+ unsafeDelete: false # ENV: KUMA_STORE_UNSAFE_DELETE
+
+# Configuration of Bootstrap Server, which provides bootstrap config to Dataplanes
+bootstrapServer:
+ # Parameters of bootstrap configuration
+ params:
+ # Address of Envoy Admin
+ adminAddress: 127.0.0.1 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ADDRESS
+ # Port of Envoy Admin
+ adminPort: 9901 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT
+ # Path to access log file of Envoy Admin
+ adminAccessLogPath: /dev/null # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ACCESS_LOG_PATH
+ # Host of XDS Server. By default it is the same host as the one used by kuma-dp to connect to the control plane
+ xdsHost: "" # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_HOST
+ # Port of XDS Server. By default it is autoconfigured from KUMA_DP_SERVER_PORT
+ xdsPort: 0 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_PORT
+ # Connection timeout to the XDS Server
+ xdsConnectTimeout: 1s # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_CONNECT_TIMEOUT
+
+# Monitoring Assignment Discovery Service (MADS) server configuration
+monitoringAssignmentServer:
+ # Port of a gRPC server that serves Monitoring Assignment Discovery Service (MADS).
+ port: 5676 # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_PORT
+ # Which MADS API versions to serve
+ apiVersions: ["v1"] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_API_VERSIONS
+ # Interval for re-generating monitoring assignments for clients connected to the Control Plane.
+ assignmentRefreshInterval: 1s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_ASSIGNMENT_REFRESH_INTERVAL
+ # The default timeout for a single fetch-based discovery request, if not specified
+ defaultFetchTimeout: 30s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_DEFAULT_FETCH_TIMEOUT
+ # Path to TLS certificate file
+ tlsCertFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CERT_FILE
+ # Path to TLS key file
+ tlsKeyFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CIPHER_SUITES
+
+# Envoy XDS server configuration
+xdsServer:
+ # Interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ dataplaneConfigurationRefreshInterval: 1s # ENV: KUMA_XDS_SERVER_DATAPLANE_CONFIGURATION_REFRESH_INTERVAL
+ # Interval for flushing status of Dataplanes connected to the Control Plane
+ dataplaneStatusFlushInterval: 10s # ENV: KUMA_XDS_SERVER_DATAPLANE_STATUS_FLUSH_INTERVAL
+ # Backoff that is executed when Control Plane is sending the response that was previously rejected by Dataplane
+ nackBackoff: 5s # ENV: KUMA_XDS_SERVER_NACK_BACKOFF
+ # A delay between proxy terminating a connection and the CP trying to deregister the proxy.
+ # It is used only in universal mode when you use direct lifecycle.
+ # Setting this setting to 0s disables the delay.
+ # Disabling this may cause race conditions that one instance of CP removes proxy object
+ # while proxy is connected to another instance of the CP.
+ dataplaneDeregistrationDelay: 10s # ENV: KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY
+
+# API Server configuration
+apiServer:
+ # HTTP configuration of the API Server
+ http:
+ # If true then API Server will be served on HTTP
+ enabled: true # ENV: KUMA_API_SERVER_HTTP_ENABLED
+ # Network interface on which HTTP API Server will be exposed
+ interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTP_INTERFACE
+ # Port of the API Server
+ port: 5681 # ENV: KUMA_API_SERVER_HTTP_PORT
+ # HTTPS configuration of the API Server
+ https:
+ # If true then API Server will be served on HTTPS
+ enabled: true # ENV: KUMA_API_SERVER_HTTPS_ENABLED
+ # Network interface on which HTTPS API Server will be exposed
+ interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTPS_INTERFACE
+ # Port of the HTTPS API Server
+ port: 5682 # ENV: KUMA_API_SERVER_HTTPS_PORT
+ # Path to TLS certificate file. Autoconfigured from KUMA_GENERAL_TLS_CERT_FILE if empty
+ tlsCertFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_CERT_FILE
+ # Path to TLS key file. Autoconfigured from KUMA_GENERAL_TLS_KEY_FILE if empty
+ tlsKeyFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_KEY_FILE
+ # Path to the CA certificate which is used to sign client certificates. It is used only for verifying client certificates.
+ tlsCaFile: "" # ENV: KUMA_API_SERVER_HTTPS_CLIENT_CERTS_CA_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_API_SERVER_HTTPS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_API_SERVER_HTTPS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_API_SERVER_HTTPS_TLS_CIPHER_SUITES
+ # If true, then HTTPS connection will require client cert.
+ requireClientCert: false # ENV: KUMA_API_SERVER_HTTPS_REQUIRE_CLIENT_CERT
+ # Authentication configuration for administrative endpoints like Dataplane Token or managing Secrets
+ auth:
+ # Directory of authorized client certificates (only validate in HTTPS)
+ clientCertsDir: "" # ENV: KUMA_API_SERVER_AUTH_CLIENT_CERTS_DIR
+ # Api Server Authentication configuration
+ authn:
+ # Type of authentication mechanism (available values: "adminClientCerts", "tokens")
+ type: tokens # ENV: KUMA_API_SERVER_AUTHN_TYPE
+ # Localhost is authenticated as a user admin of group admin
+ localhostIsAdmin: true # ENV: KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN
+ # Configuration for tokens authentication
+ tokens:
+ # If true then User Token with name admin and group admin will be created and placed as admin-user-token Kuma secret
+ bootstrapAdminToken: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_BOOTSTRAP_ADMIN_TOKEN
+ # If true, then API Server will operate in read only mode (serving GET requests)
+ readOnly: false # ENV: KUMA_API_SERVER_READ_ONLY
+ # Allowed domains for Cross-Origin Resource Sharing. The value can be either domain or regexp
+ corsAllowedDomains:
+ - ".*" # ENV: KUMA_API_SERVER_CORS_ALLOWED_DOMAINS
+ # Can be used if you use a reverse proxy
+ rootUrl: "" # ENV: KUMA_API_SERVER_ROOT_URL
+ # The path to serve the API from
+ basePath: "/" # ENV: KUMA_API_SERVER_BASE_PATH
+ # configuration specific to the GUI
+ gui:
+ # Whether to serve the gui (if mode=zone this has no effect)
+ enabled: true # ENV: KUMA_API_SERVER_GUI_ENABLED
+ # Can be used if you use a reverse proxy or want to serve the gui from a different path
+ rootUrl: "" # ENV: KUMA_API_SERVER_GUI_ROOT_URL
+ # The path to serve the GUI from
+ basePath: "/gui" # ENV: KUMA_API_SERVER_GUI_BASE_PATH
+
+# Environment-specific configuration
+runtime:
+ # Kubernetes-specific configuration
+ kubernetes:
+ # Service name of the Kuma Control Plane. It is used to point Kuma DP to proper URL.
+ controlPlaneServiceName: kuma-control-plane # ENV: KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME
+ # Name of Service Account that is used to run the Control Plane
+ serviceAccountName: "system:serviceaccount:kuma-system:kuma-control-plane" # ENV: KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME
+ # Taint controller that prevents applications from scheduling until CNI is ready.
+ nodeTaintController:
+ # If true enables the taint controller.
+ enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED
+ # Value of app label on CNI pod that indicates if node can be ready.
+ cniApp: "" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP
+ # Admission WebHook Server configuration
+ admissionServer:
+ # Address the Admission WebHook Server should be listening on
+ address: # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_ADDRESS
+ # Port the Admission WebHook Server should be listening on
+ port: 5443 # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_PORT
+ # Directory with a TLS cert and private key for the Admission WebHook Server.
+ # TLS certificate file must be named `tls.crt`.
+ # TLS key file must be named `tls.key`.
+ certDir: # ENV: kuma_runtime_kubernetes_admission_server_cert_dir
+ # Injector defines configuration of a Kuma Sidecar Injector.
+ injector:
+ # if true runs kuma-cp in CNI compatible mode
+ cniEnabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CNI_ENABLED
+ # list of exceptions for Kuma injection
+ exceptions:
+ # a map of labels for exception. If pod matches label with given value Kuma won't be injected. Specify '*' to match any value.
+ labels:
+ openshift.io/build.name: "*"
+ openshift.io/deployer-pod-for.name: "*"
+ # VirtualProbesEnabled enables automatic converting HttpGet probes to virtual.
Virtual probe
+ # serves on sub-path of insecure port 'virtualProbesPort',
+ # i.e :8080/health/readiness -> :9000/8080/health/readiness where 9000 is virtualProbesPort
+ virtualProbesEnabled: true # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_ENABLED
+ # VirtualProbesPort is a port for exposing virtual probes which are not secured by mTLS
+ virtualProbesPort: 9000 # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_PORT
+ # CaCertFile is CA certificate which will be used to verify a connection to the control plane.
+ caCertFile: # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CA_CERT_FILE
+ # SidecarContainer defines configuration of the Kuma sidecar container.
+ sidecarContainer:
+ # Image name.
+ image: kuma/kuma-dp:latest # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_IMAGE
+ # Redirect port for inbound traffic.
+ redirectPortInbound: 15006 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND
+ # Redirect port for inbound traffic.
+ redirectPortInboundV6: 15010 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND_V6
+ # Redirect port for outbound traffic.
+ redirectPortOutbound: 15001 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_OUTBOUND
+ # User ID.
+ uid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_UID
+ # Group ID.
+ gid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_GUI
+ # Drain time for listeners.
+ drainTime: 30s # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_DRAIN_TIME
+ # Readiness probe.
+ readinessProbe:
+ # Number of seconds after the container has started before readiness probes are initiated.
+ initialDelaySeconds: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_INITIAL_DELAY_SECONDS
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 # ENV : KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_TIMEOUT_SECONDS
+ # Number of seconds after which the probe times out.
+ periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_PERIOD_SECONDS
+ # Minimum consecutive successes for the probe to be considered successful after having failed.
+ successThreshold: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_SUCCESS_THRESHOLD
+ # Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_FAILURE_THRESHOLD
+ # Liveness probe.
+ livenessProbe:
+ # Number of seconds after the container has started before liveness probes are initiated.
+ initialDelaySeconds: 60 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_INITIAL_DELAY_SECONDS
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_TIMEOUT_SECONDS
+ # How often (in seconds) to perform the probe.
+ periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_PERIOD_SECONDS
+ # Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_FAILURE_THRESHOLD
+ # Compute resource requirements.
+ resources:
+ # Minimum amount of compute resources required.
+ requests:
+ # CPU, in cores. (500m = .5 cores)
+ cpu: 50m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_CPU
+ # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
+ memory: 64Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_MEMORY
+ # Maximum amount of compute resources allowed.
+ limits:
+ # CPU, in cores.
(500m = .5 cores)
+ cpu: 1000m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_CPU
+ # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
+ memory: 512Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_MEMORY
+ # Additional environment variables that can be placed on Kuma DP sidecar
+ envVars: {} # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ENV_VARS
+ # InitContainer defines configuration of the Kuma init container
+ initContainer:
+ # Image name.
+ image: kuma/kuma-init:latest # ENV: KUMA_INJECTOR_INIT_CONTAINER_IMAGE
+ # ContainerPatches is an optional list of ContainerPatch names which will be applied
+ # to init and sidecar containers if workload is not annotated with a patch list.
+ containerPatches: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CONTAINER_PATCHES
+ # Configuration for a traffic that is intercepted by sidecar
+ sidecarTraffic:
+ # List of inbound ports that will be excluded from interception.
+ # This setting is applied on every pod unless traffic.kuma.io/exclude-inbound-ports annotation is specified on Pod.
+ excludeInboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_INBOUND_PORTS
+ # List of outbound ports that will be excluded from interception.
+ # This setting is applied on every pod unless traffic.kuma.io/exclude-oubound-ports annotation is specified on Pod.
+ excludeOutboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_OUTBOUND_PORTS
+ builtinDNS:
+ # Use the built-in DNS
+ enabled: true # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_ENABLED
+ # Redirect port for DNS
+ port: 15053 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_PORT
+ transparentProxyV2: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_TRANSPARENT_PROXY_V2
+ # EBPF defines configuration for the ebpf, when transparent proxy is marked to be
+ # installed using ebpf instead of iptables
+ ebpf:
+ # Install transparent proxy using ebpf
+ enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_ENABLED
+ # Name of the environmental variable which will include IP address of the pod
+ instanceIPEnvVarName: INSTANCE_IP # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_INSTANCE_IP_ENV_VAR_NAME
+ # Path where BPF file system will be mounted for pinning ebpf programs and maps
+ bpffsPath: /sys/fs/bpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_BPFFS_PATH
+ # Path of mounted cgroup2
+ cgroupPath: /sys/fs/cgroup # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_CGROUP_PATH
+ # Name of the network interface which should be used to attach to it TC programs
+ # when not specified, we will try to automatically determine it
+ tcAttachIface: "" # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_TC_ATTACH_IFACE
+ # Path where compiled eBPF programs are placed
+ programsSourcePath: /kuma/ebpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_PROGRAMS_SOURCE_PATH
+ marshalingCacheExpirationTime: 5m # ENV: KUMA_RUNTIME_KUBERNETES_MARSHALING_CACHE_EXPIRATION_TIME
+ # Universal-specific configuration
+ universal:
+ # DataplaneCleanupAge defines how long Dataplane should be offline to be cleaned up by GC
+ dataplaneCleanupAge: 72h0m0s # ENV: KUMA_RUNTIME_UNIVERSAL_DATAPLANE_CLEANUP_AGE
+
+# Default Kuma entities configuration
+defaults:
+ # If true, it skips creating the default Mesh
+ skipMeshCreation: false # ENV: KUMA_DEFAULTS_SKIP_MESH_CREATION
+ # If true, instead
of providing inbound clusters with address of dataplane, generates cluster with localhost.
+ # Enabled can cause security threat by exposing application listing on localhost. This configuration is going to
+ # be removed in the future.
+ enableLocalhostInboundClusters: false #ENV: KUMA_DEFAULTS_ENABLE_LOCALHOST_INBOUND_CLUSTERS
+
+# Metrics configuration
+metrics:
+ dataplane:
+ # How many latest subscriptions will be stored in DataplaneInsight object, if equals 0 then unlimited
+ subscriptionLimit: 2 # ENV: KUMA_METRICS_DATAPLANE_SUBSCRIPTION_LIMIT
+ # How long data plane proxy can stay Online without active xDS connection
+ idleTimeout: 5m # ENV: KUMA_METRICS_DATAPLANE_IDLE_TIMEOUT
+ zone:
+ # How many latest subscriptions will be stored in ZoneInsights object, if equals 0 then unlimited
+ subscriptionLimit: 10 # ENV: KUMA_METRICS_ZONE_SUBSCRIPTION_LIMIT
+ # How long zone can stay Online without active KDS connection
+ idleTimeout: 5m # ENV: KUMA_METRICS_ZONE_IDLE_TIMEOUT
+ mesh:
+ # Min time that should pass between MeshInsight resync
+ minResyncTimeout: 1s # ENV: KUMA_METRICS_MESH_MIN_RESYNC_TIMEOUT
+ # Max time that MeshInsight could spend without resync
+ maxResyncTimeout: 20s # ENV: KUMA_METRICS_MESH_MAX_RESYNC_TIMEOUT
+
+# Reports configuration
+reports:
+ # If true then usage stats will be reported
+ enabled: false # ENV: KUMA_REPORTS_ENABLED
+
+# General configuration
+general:
+ # dnsCacheTTL represents duration for how long Kuma CP will cache result of resolving dataplane's domain name
+ dnsCacheTTL: 10s # ENV: KUMA_GENERAL_DNS_CACHE_TTL
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert that will be used across all the Kuma Servers.
+ tlsCertFile: # ENV: KUMA_GENERAL_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key that will be used across all the Kuma Servers.
+ tlsKeyFile: # ENV: KUMA_GENERAL_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_GENERAL_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_GENERAL_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_GENERAL_TLS_CIPHER_SUITES
+ # WorkDir defines a path to the working directory
+ # Kuma stores in this directory autogenerated entities like certificates.
+ # If empty then the working directory is $HOME/.kuma
+ workDir: "" # ENV: KUMA_GENERAL_WORK_DIR
+
+# DNS Server configuration
+dnsServer:
+ # The domain that the server will resolve the services for
+ domain: "mesh" # ENV: KUMA_DNS_SERVER_DOMAIN
+ # The CIDR range used to allocate
+ CIDR: "240.0.0.0/4" # ENV: KUMA_DNS_SERVER_CIDR
+ # Will create a service ".mesh" dns entry for every service.
+ serviceVipEnabled: true # ENV: KUMA_DNS_SERVER_SERVICE_VIP_ENABLED
+ # The port to use along with the `.mesh` dns entry
+ serviceVipPort: 80 # ENV: KUMA_DNS_SERVICE_SERVICE_VIP_PORT
+
+# Multizone mode
+multizone:
+ global:
+ kds:
+ # Port of a gRPC server that serves Kuma Discovery Service (KDS).
+ grpcPort: 5685 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_GRPC_PORT
+ # Interval for refreshing state of the world
+ refreshInterval: 1s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_REFRESH_INTERVAL
+ # Interval for flushing Zone Insights (stats of multi-zone communication)
+ zoneInsightFlushInterval: 10s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_ZONE_INSIGHT_FLUSH_INTERVAL
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert.
+ tlsCertFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key.
+ tlsKeyFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CIPHER_SUITES
+ # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS.
+ # In practice this means a limit on full list of one resource type.
+ maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MAX_MSG_SIZE
+ # MsgSendTimeout defines a timeout on sending a single KDS message.
+ # KDS stream between control planes is terminated if the control plane hits this timeout.
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MSG_SEND_TIMEOUT
+ zone:
+ # Kuma Zone name used to mark the zone dataplane resources
+ name: "" # ENV: KUMA_MULTIZONE_ZONE_NAME
+ # GlobalAddress URL of Global Kuma CP
+ globalAddress: # ENV KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS
+ kds:
+ # Interval for refreshing state of the world
+ refreshInterval: 1s # ENV: KUMA_MULTIZONE_ZONE_KDS_REFRESH_INTERVAL
+ # RootCAFile defines a path to a file with PEM-encoded Root CA. Client will verify server by using it.
+ rootCaFile: # ENV: KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE
+ # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS.
+ # In practice this means a limit on full list of one resource type.
+ maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_ZONE_KDS_MAX_MSG_SIZE
+ # MsgSendTimeout defines a timeout on sending a single KDS message.
+ # KDS stream between control planes is terminated if the control plane hits this timeout.
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_ZONE_KDS_MSG_SEND_TIMEOUT
+
+# Diagnostics configuration
+diagnostics:
+ # Port of Diagnostic Server for checking health and readiness of the Control Plane
+ serverPort: 5680 # ENV: KUMA_DIAGNOSTICS_SERVER_PORT
+ # If true, enables https://golang.org/pkg/net/http/pprof/ debug endpoints
+ debugEndpoints: false # ENV: KUMA_DIAGNOSTICS_DEBUG_ENDPOINTS
+ # Whether tls is enabled or not
+ tlsEnabled: false # ENV: KUMA_DIAGNOSTICS_TLS_ENABLED
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile
+ tlsCertFile: # ENV: KUMA_DIAGNOSTICS_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DIAGNOSTICS_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DIAGNOSTICS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DIAGNOSTICS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DIAGNOSTICS_TLS_CIPHER_SUITES
+
+# Dataplane Server configuration that servers API like Bootstrap/XDS for the Dataplane.
+dpServer:
+ # Port of the DP Server
+ port: 5678 # ENV: KUMA_DP_SERVER_PORT
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile
+ tlsCertFile: # ENV: KUMA_DP_SERVER_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key.
If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DP_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DP_SERVER_TLS_CIPHER_SUITES
+ # Auth defines an authentication configuration for the DP Server
+ auth:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: "" # ENV: KUMA_DP_SERVER_AUTH_TYPE
+ # Hds defines a Health Discovery Service configuration
+ hds:
+ # Enabled if true then Envoy will actively check application's ports, but only on Universal.
+ # On Kubernetes this feature disabled for now regardless the flag value
+ enabled: true # ENV: KUMA_DP_SERVER_HDS_ENABLED
+ # Interval for Envoy to send statuses for HealthChecks
+ interval: 5s # ENV: KUMA_DP_SERVER_HDS_INTERVAL
+ # RefreshInterval is an interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ refreshInterval: 10s # ENV: KUMA_DP_SERVER_HDS_REFRESH_INTERVAL
+ # Check defines a HealthCheck configuration
+ checkDefaults:
+ # Timeout is a time to wait for a health check response.
If the timeout is reached the
+ # health check attempt will be considered a failure
+ timeout: 2s # ENV: KUMA_DP_SERVER_HDS_CHECK_TIMEOUT
+ # Interval between health checks
+ interval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_INTERVAL
+ # NoTrafficInterval is a special health check interval that is used when a cluster has
+ # never had traffic routed to it
+ noTrafficInterval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_NO_TRAFFIC_INTERVAL
+ # HealthyThreshold is a number of healthy health checks required before a host is marked healthy
+ healthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_HEALTHY_THRESHOLD
+ # UnhealthyThreshold is a number of unhealthy health checks required before a host is marked unhealthy
+ unhealthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_UNHEALTHY_THRESHOLD
+
+# Intercommunication CP configuration
+interCp:
+ # Catalog configuration. Catalog keeps a record of all live CP instances in the zone.
+ catalog:
+ # Indicates an address on which other control planes can communicate with this CP.
+ # If empty then it's autoconfigured by taking the first IP of the nonloopback network interface.
+ instanceAddress: "" # ENV: KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS
+ # Interval on which CP will send heartbeat to a leader.
+ heartbeatInterval: 5s # ENV: KUMA_INTER_CP_CATALOG_HEARTBEAT_INTERVAL
+ # Interval on which CP will write all instances to a catalog.
+ writerInterval: 15s # ENV: KUMA_INTER_CP_CATALOG_WRITER_INTERVAL
+ # Intercommunication CP server configuration
+ server:
+ # Port of the inter-cp server
+ port: 5683 # ENV: KUMA_INTER_CP_SERVER_PORT
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_INTER_CP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_INTER_CP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [ ] # ENV: KUMA_INTER_CP_SERVER_TLS_CIPHER_SUITES
+
+# Access Control configuration
+access:
+ # Type of access strategy (available values: "static")
+ type: static
+ # Configuration of static access strategy
+ static:
+ # AdminResources defines an access to admin resources (Secret/GlobalSecret)
+ adminResources:
+ # List of users that are allowed to access admin resources
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_USERS
+ # List of groups that are allowed to access admin resources
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_GROUPS
+ # GenerateDPToken defines an access to generating dataplane token
+ generateDpToken:
+ # List of users that are allowed to generate dataplane token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_USERS
+ # List of groups that are allowed to generate dataplane token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_GROUPS
+ # GenerateUserToken defines an access to generating user token
+ generateUserToken:
+ # List of users that are allowed to generate user token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_USERS
+ # List of groups that are allowed to generate user token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_GROUPS
+ # GenerateZoneToken defines an access to generating zone token
+ generateZoneToken:
+ # List of users that are allowed to generate zone token
+ users:
["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_USERS
+ # List of groups that are allowed to generate zone token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_GROUPS
+ viewConfigDump:
+ # List of users that are allowed to get envoy config dump
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_USERS
+ # List of groups that are allowed to get envoy config dump
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_GROUPS
+ viewStats:
+ # List of users that are allowed to get envoy stats
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_USERS
+ # List of groups that are allowed to get envoy stats
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_GROUPS
+ viewClusters:
+ # List of users that are allowed to get envoy clusters
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS
+ # List of groups that are allowed to get envoy clusters
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS
+
+# Configuration of experimental features of Kuma
+experimental:
+ # If true, experimental Gateway API is enabled
+ gatewayAPI: false # ENV: KUMA_EXPERIMENTAL_GATEWAY_API
+ # If true, instead of embedding kubernetes outbounds into Dataplane object, they are persisted next to VIPs in ConfigMap
+ # This can improve performance, but it should be enabled only after all instances are migrated to version that supports this config
+ kubeOutboundsAsVIPs: false # ENV: KUMA_EXPERIMENTAL_KUBE_OUTBOUNDS_AS_VIPS
+
+proxy:
+ gateway:
+ # Sets the envoy runtime value to limit maximum number of incoming
+ # connections to a builtin gateway data plane proxy
+ globalDownstreamMaxConnections: 50000 # ENV: KUMA_PROXY_GATEWAY_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS
diff --git a/app/assets/2.1.x/raw/protos/CertificateAuthorityBackend.json b/app/assets/2.1.x/raw/protos/CertificateAuthorityBackend.json new file mode 100644 index 000000000..275569b17 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/CertificateAuthorityBackend.json 
@@ -0,0 +1,98 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CertificateAuthorityBackend", + "definitions": { + "CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time 
after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/CircuitBreaker.json b/app/assets/2.1.x/raw/protos/CircuitBreaker.json new file mode 100644 index 000000000..f5d016d2a --- /dev/null +++ b/app/assets/2.1.x/raw/protos/CircuitBreaker.json 
@@ -0,0 +1,198 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CircuitBreaker", + "definitions": { + "CircuitBreaker": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Circuit Breaker", + "description": "CircuitBreaker defines circuit breaking policy for dataplane's outbound" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Time interval between ejection analysis sweeps", + "format": "regex" + }, + "baseEjectionTime": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The base time that a host is ejected for. 
The real time is equal to the base time multiplied by the number of times the host has been ejected", + "format": "regex" + }, + "maxEjectionPercent": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum percent of an upstream cluster that can be ejected due to outlier detection, has to be in [0 - 100] range" + }, + "splitExternalAndLocalErrors": { + "type": "boolean", + "description": "Enables Split Mode in which local and external errors are distinguished" + }, + "detectors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors", + "additionalProperties": true + }, + "thresholds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors": { + "properties": { + "totalErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Errors with status code 5xx and locally originated errors, in Split Mode - just errors with status code 5xx" + }, + "gatewayErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Subset of 'total' related to gateway errors (502, 503 or 504 status code)" + }, + "localErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Takes into account only in Split Mode, number of locally originated errors" + }, + "standardDeviation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation", + "additionalProperties": true + }, + "failure": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + 
"title": "Detectors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors": { + "properties": { + "consecutive": { + "additionalProperties": true, + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Errors", + "description": "Detector based on counting consecutive number of errors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Eject host if failure percentage of a given host is greater than or equal to this value, has to be in [0 - 100] range" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Failure", + "description": "Detection based on success rate, but threshold is set explicitly (unlike 'standardDeviation')" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "factor": { + "additionalProperties": true, + "type": "number", + "description": "Resulting threshold = mean - (stdev * factor)" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Standard Deviation", + "description": "Detection based on success rate, aggregated from every host in the cluser" + }, + 
"kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds": { + "properties": { + "maxConnections": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of connections that Envoy will make to the upstream cluster. If not specified, the default is 1024." + }, + "maxPendingRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of pending requests that Envoy will allow to the upstream cluster. If not specified, the default is 1024." + }, + "maxRetries": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel retries that Envoy will allow to the upstream cluster. If not specified, the default is 3." + }, + "maxRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel requests that Envoy will make to the upstream cluster. If not specified, the default is 1024." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Thresholds" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ClustersRequest.json b/app/assets/2.1.x/raw/protos/ClustersRequest.json new file mode 100644 index 000000000..7c9612d2c --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ClustersRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersRequest", + "definitions": { + "ClustersRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp clusters request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp clusters request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Request", + "description": "ClustersRequest is a request for kuma-dp clusters that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ClustersResponse.json b/app/assets/2.1.x/raw/protos/ClustersResponse.json new file mode 100644 index 000000000..2c6802f17 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ClustersResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersResponse", + "definitions": { + "ClustersResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp clusters request." + }, + "clusters": { + "type": "string", + "description": "The clusters content that is a successful result of kuma-dp clusters execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Response", + "description": "ClustersResponse is a response containing result of kuma-dp clusters execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/DatadogTracingBackendConfig.json b/app/assets/2.1.x/raw/protos/DatadogTracingBackendConfig.json new file mode 100644 index 000000000..e6f53ec54 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/DatadogTracingBackendConfig.json 
@@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DatadogTracingBackendConfig", + "definitions": { + "DatadogTracingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address of datadog collector." + }, + "port": { + "type": "integer", + "description": "Port of datadog collector" + }, + "splitService": { + "type": "boolean", + "description": "Determines if datadog service name should be split based on traffic direction and destination. For example, with `splitService: true` and a `backend` service that communicates with a couple of databases, you would get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` in Datadog. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Datadog Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Dataplane.json b/app/assets/2.1.x/raw/protos/Dataplane.json new file mode 100644 index 000000000..9b5212a7c --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Dataplane.json 
@@ -0,0 +1,329 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Dataplane", + "definitions": { + "Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. 
`advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. 
The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." + }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service. When `KUMA_DEFAULTS_ENABLE_LOCALHOST_INBOUND_CLUSTERS` is true, this defaults to `127.0.0.1`." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." 
+ }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. 
Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "service": { + "type": "string", + "description": "DEPRECATED: use `networking.outbound[].tags['kuma.io/service']` Service name identified by the value of `kuma.io/service`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." 
+ }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." + }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/DataplaneInsight.json b/app/assets/2.1.x/raw/protos/DataplaneInsight.json new file mode 100644 index 000000000..1188b51e1 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/DataplaneInsight.json 
@@ -0,0 +1,232 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneInsight", + "definitions": { + "DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." + }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." 
+ }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. 
rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.1.x/raw/protos/DataplaneOverview.json b/app/assets/2.1.x/raw/protos/DataplaneOverview.json
new file mode 100644
index 000000000..7108c186b
--- /dev/null
+++ b/app/assets/2.1.x/raw/protos/DataplaneOverview.json
@@ -0,0 +1,571 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneOverview", + "definitions": { + "DataplaneOverview": { + "properties": { + "dataplane": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane", + "additionalProperties": true + }, + "dataplane_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Overview", + "description": "DataplaneOverview defines the projected state of a Dataplane." + }, + "kuma.mesh.v1alpha1.Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. `advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. 
It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." 
+ }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service. When `KUMA_DEFAULTS_ENABLE_LOCALHOST_INBOUND_CLUSTERS` is true, this defaults to `127.0.0.1`." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." 
+ }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "service": { + "type": "string", + "description": "DEPRECATED: use `networking.outbound[].tags['kuma.io/service']` Service name identified by the value of `kuma.io/service`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." + }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." + }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." 
+ }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { 
+ "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/DiscoveryServiceStats.json b/app/assets/2.1.x/raw/protos/DiscoveryServiceStats.json new file mode 100644 index 000000000..eadb3791c --- /dev/null +++ b/app/assets/2.1.x/raw/protos/DiscoveryServiceStats.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoveryServiceStats", + "definitions": { + "DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.1.x/raw/protos/DiscoverySubscription.json b/app/assets/2.1.x/raw/protos/DiscoverySubscription.json
new file mode 100644
index 000000000..06db6c019
--- /dev/null
+++ b/app/assets/2.1.x/raw/protos/DiscoverySubscription.json
@@ -0,0 +1,179 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscription", + "definitions": { + "DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." 
+ }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.1.x/raw/protos/DiscoverySubscriptionStatus.json b/app/assets/2.1.x/raw/protos/DiscoverySubscriptionStatus.json new file mode 100644 index 000000000..2ac471c4a --- /dev/null +++ b/app/assets/2.1.x/raw/protos/DiscoverySubscriptionStatus.json 
@@ -0,0 +1,64 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscriptionStatus", + "definitions": { + "DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/EnvoyAdmin.json b/app/assets/2.1.x/raw/protos/EnvoyAdmin.json new file mode 100644 index 000000000..e26fdf4be --- /dev/null +++ b/app/assets/2.1.x/raw/protos/EnvoyAdmin.json @@ -0,0 +1,17 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyAdmin", + "definitions": { + "EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/EnvoyVersion.json b/app/assets/2.1.x/raw/protos/EnvoyVersion.json new file mode 100644 index 000000000..c14f40762 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/EnvoyVersion.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyVersion", + "definitions": { + "EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ExternalService.json b/app/assets/2.1.x/raw/protos/ExternalService.json new file mode 100644 index 000000000..293d87f88 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ExternalService.json 
@@ -0,0 +1,107 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ExternalService", + "definitions": { + "ExternalService": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking", + "additionalProperties": true + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with the external service, e.g. kuma.io/service=web, kuma.io/protocol, version=1.0." + } + }, + "additionalProperties": true, + "type": "object", + "title": "External Service", + "description": "ExternalService defines configuration of the externally accessible service" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address of the external service" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking.TLS", + "additionalProperties": true + }, + "disableHostDNSEntry": { + "type": "boolean", + "description": "If disableHostDNSEntry is set to true then a DNS entry for the external service taken from 'networking.address' won't be generated. You can still reach this external service using external-service-name.mesh:80 where \"external-service-name\" is taken from \"kuma.io/service\" tag." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes the properties of the external service connectivity" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking.TLS": { + "properties": { + "enabled": { + "type": "boolean", + "description": "denotes that the external service uses TLS" + }, + "ca_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the certificate of CA" + }, + "client_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "client_key": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "allowRenegotiation": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then TLS session will allow renegotiation. It's not recommended to set this to true because of security reasons. However, some servers requires this setting, especially when using mTLS." + }, + "server_name": { + "additionalProperties": true, + "type": "string", + "description": "ServerName overrides the default Server Name Indicator set by Kuma. The default value is set to \"address\" specified in \"networking\"." + } + }, + "additionalProperties": true, + "type": "object", + "title": "TLS", + "description": "TLS" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." + }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." 
+ }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/FaultInjection.json b/app/assets/2.1.x/raw/protos/FaultInjection.json new file mode 100644 index 000000000..702233c5a --- /dev/null +++ b/app/assets/2.1.x/raw/protos/FaultInjection.json 
@@ -0,0 +1,126 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FaultInjection", + "definitions": { + "FaultInjection": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf", + "additionalProperties": true, + "description": "Configuration of FaultInjection" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Fault Injection", + "description": "FaultInjection defines the configuration of faults between dataplanes." + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf": { + "properties": { + "delay": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Delay", + "additionalProperties": true, + "description": "Delay if specified then response from the destination will be delivered with a delay" + }, + "abort": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Abort", + "additionalProperties": true, + "description": "Abort if specified makes source side to receive specified httpStatus code" + }, + "response_bandwidth": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth", + "additionalProperties": true, + "description": "ResponseBandwidth if specified limits the speed of sending response body" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines several types of faults, at least one fault should be specified" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Abort": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + 
"description": "Percentage of requests on which abort will be injected, has to be in [0.0 - 100.0] range" + }, + "httpStatus": { + "additionalProperties": true, + "type": "integer", + "description": "HTTP status code which will be returned to source side" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Abort", + "description": "Abort defines a configuration of not delivering requests to destination service and replacing the responses from destination dataplane by predefined status code" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Delay": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which delay will be injected, has to be in [0.0 - 100.0] range" + }, + "value": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The duration during which the response will be delayed", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Delay", + "description": "Delay defines configuration of delaying a response from a destination" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which response bandwidth limit will be injected, has to be in [0.0 - 100.0] range" + }, + "limit": { + "additionalProperties": true, + "type": "string", + "description": "Limit is represented by value measure in gbps, mbps, kbps or bps, e.g. 
10kbps" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Response Bandwidth", + "description": "ResponseBandwidth defines a configuration to limit the speed of responding to the requests" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/FileLoggingBackendConfig.json b/app/assets/2.1.x/raw/protos/FileLoggingBackendConfig.json new file mode 100644 index 000000000..7302651b2 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/FileLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FileLoggingBackendConfig", + "definitions": { + "FileLoggingBackendConfig": { + "properties": { + "path": { + "type": "string", + "description": "Path to a file that logs will be written to" + } + }, + "additionalProperties": true, + "type": "object", + "title": "File Logging Backend Config", + "description": "FileLoggingBackendConfig defines configuration for file based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/HealthCheck.json b/app/assets/2.1.x/raw/protos/HealthCheck.json new file mode 100644 index 000000000..495846305 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/HealthCheck.json 
@@ -0,0 +1,212 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/HealthCheck", + "definitions": { + "HealthCheck": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that should be configured to do health checks." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf", + "additionalProperties": true, + "description": "Configuration for various types of health checking." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health Check", + "description": "HealthCheck defines configuration for health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "initial_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, Envoy will start health checking after for a random time in ms between 0 and initial_jitter. 
This only applies to the first health check.", + "format": "regex" + }, + "interval_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, during every interval Envoy will add interval_jitter to the wait time.", + "format": "regex" + }, + "interval_jitter_percent": { + "type": "integer", + "description": "If specified, during every interval Envoy will add interval_ms * interval_jitter_percent / 100 to the wait time. If interval_jitter_ms and interval_jitter_percent are both set, both of them will be used to increase the wait time." + }, + "healthy_panic_threshold": { + "additionalProperties": true, + "type": "number", + "description": "Allows to configure panic threshold for Envoy cluster. If not specified, the default is 50%. To disable panic mode, set to 0%." + }, + "fail_traffic_on_panic": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, Envoy will not consider any hosts when the cluster is in 'panic mode'. Instead, the cluster will fail all requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a failing service." + }, + "event_log_path": { + "type": "string", + "description": "Specifies the path to the file where Envoy can log health check events. If empty, no event log will be written." + }, + "always_log_health_check_failures": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, health check failure events will always be logged. If set to false, only the initial health check failure event will be logged. The default value is false." + }, + "no_traffic_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The \"no traffic interval\" is a special health check interval that is used when a cluster has never had traffic routed to it. 
This lower interval allows cluster information to be kept up to date, without sending a potentially large amount of active health checking traffic for no reason. Once a cluster has been used for traffic routing, Envoy will shift back to using the standard health check interval that is defined. Note that this interval takes precedence over any other. The default value for \"no traffic interval\" is 60 seconds.", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http", + "additionalProperties": true + }, + "reuse_connection": { + "additionalProperties": true, + "type": "boolean", + "description": "Reuse health check connection between health checks. Default is true." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines configuration for various types of health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http": { + "properties": { + "path": { + "type": "string", + "description": "The HTTP path which will be requested during the health check (ie. /health) +required" + }, + "request_headers_to_add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption" + }, + "type": "array", + "description": "The list of HTTP headers which should be added to each health check request +optional" + }, + "expected_statuses": { + "items": { + "type": "integer", + "title": "U Int 32 Value", + "description": "Wrapper message for `uint32`. The JSON representation for `UInt32Value` is JSON number." 
+ }, + "type": "array", + "description": "List of HTTP response statuses which are considered healthy +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines optional Http configuration which will instruct the service the health check will be made for is an http service. It's mutually exclusive with the Tcp block so when provided you can't provide the Tcp configuration" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +required" + }, + "value": { + "type": "string", + "description": "Header value +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption": { + "properties": { + "header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue", + "additionalProperties": true, + "description": "Key/Value representation of the HTTP header +required" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "The bool value which if true (default) will mean the header values should be appended to already present ones +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value Option" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp": { + "properties": { + "send": { + "additionalProperties": true, + "type": "string", + "description": "Bytes which will be send during the health check to the target" + }, + "receive": { + "items": { + "type": "string", + "title": "Bytes Value", + "description": "Wrapper message for `bytes`. The JSON representation for `BytesValue` is JSON string." + }, + "type": "array", + "description": "Bytes blocks expected as a response. When checking the response, “fuzzy” matching is performed such that each block must be found, and in the order specified, but not necessarily contiguous." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines optional configuration for specifying bytes to send and expected response during the health check" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/HttpMethod.json b/app/assets/2.1.x/raw/protos/HttpMethod.json new file mode 100644 index 000000000..71495c878 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/HttpMethod.json @@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/KumaDpVersion.json b/app/assets/2.1.x/raw/protos/KumaDpVersion.json new file mode 100644 index 000000000..2d087b8c8 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/KumaDpVersion.json 
@@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaDpVersion", + "definitions": { + "KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/KumaResource.json b/app/assets/2.1.x/raw/protos/KumaResource.json new file mode 100644 index 000000000..a4781295d --- /dev/null +++ b/app/assets/2.1.x/raw/protos/KumaResource.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaResource", + "definitions": { + "KumaResource": { + "properties": { + "meta": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaResource.Meta", + "additionalProperties": true + }, + "spec": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." 
+ }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Resource" + }, + "kuma.mesh.v1alpha1.KumaResource.Meta": { + "properties": { + "name": { + "type": "string" + }, + "mesh": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Meta" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Logging.json b/app/assets/2.1.x/raw/protos/Logging.json new file mode 100644 index 000000000..e86a46b02 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Logging.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Logging", + "definitions": { + "Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/LoggingBackend.json b/app/assets/2.1.x/raw/protos/LoggingBackend.json new file mode 100644 index 000000000..d1770d208 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/LoggingBackend.json 
@@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/LoggingBackend", + "definitions": { + "LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Mesh.json b/app/assets/2.1.x/raw/protos/Mesh.json new file mode 100644 index 000000000..701dde85b --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Mesh.json 
@@ -0,0 +1,379 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Mesh", + "definitions": { + "Mesh": { + "properties": { + "mtls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Mtls", + "additionalProperties": true, + "description": "mTLS settings. +optional" + }, + "tracing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Tracing", + "additionalProperties": true, + "description": "Tracing settings. +optional" + }, + "logging": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Logging", + "additionalProperties": true, + "description": "Logging settings. +optional" + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Metrics", + "additionalProperties": true, + "description": "Configuration for metrics collected and exposed by dataplanes. Settings defined here become defaults for every dataplane in a given Mesh. Additionally, it is also possible to further customize this configuration for each dataplane individually using Dataplane resource. +optional" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking", + "additionalProperties": true, + "description": "Networking settings of the mesh" + }, + "routing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Routing", + "additionalProperties": true, + "description": "Routing settings of the mesh" + }, + "constraints": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Constraints", + "additionalProperties": true, + "description": "Constraints that applies to the mesh and its entities" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh", + "description": "Mesh defines configuration of a single mesh." + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. 
Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": 
"^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + }, + "kuma.mesh.v1alpha1.Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + }, + "kuma.mesh.v1alpha1.Mesh.Constraints": { + "properties": { + "dataplaneProxy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints", + "additionalProperties": true, + "description": "DataplaneProxyMembership defines a set of requirements for data plane proxies to be a member of the mesh." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Constraints", + "description": "Constraints to apply to the mesh and its entities" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints": { + "properties": { + "requirements": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Requirements defines a set of requirements that data plane proxies must fulfill in order to join the mesh. A data plane proxy must fulfill at least one requirement in order to join the mesh. Empty list of allowed requirements means that any proxy that is not explicitly denied can join." + }, + "restrictions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Restrictions defines a set of restrictions that data plane proxies cannot fulfill in order to join the mesh. A data plane proxy cannot fulfill any requirement in order to join the mesh. Restrictions takes precedence over requirements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Proxy Constraints" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags defines set of required tags. You can specify '*' in value to require non empty value of tag" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rules", + "description": "Rules defines a set of rules for data plane proxies to be member of the mesh." 
+ }, + "kuma.mesh.v1alpha1.Mesh.Mtls": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend" + }, + "type": "array", + "description": "List of available Certificate Authority backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mtls", + "description": "mTLS settings of a Mesh." + }, + "kuma.mesh.v1alpha1.Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + 
"passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + }, + "kuma.mesh.v1alpha1.Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + }, + "kuma.mesh.v1alpha1.Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). 
Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/MeshGateway.json b/app/assets/2.1.x/raw/protos/MeshGateway.json new file mode 100644 index 000000000..ac55e99ad --- /dev/null +++ b/app/assets/2.1.x/raw/protos/MeshGateway.json 
@@ -0,0 +1,204 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGateway", + "definitions": { + "MeshGateway": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is a list of selectors that are used to match builtin gateway dataplanes that will receive this MeshGateway configuration." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags is the set of tags common to all of the gateway's listeners. This field must not include a `kuma.io/service` tag (the service is always defined on the dataplanes)." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Conf", + "additionalProperties": true, + "description": "The desired configuration of the MeshGateway." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway", + "description": "MeshGateway is a virtual proxy. Each MeshGateway is bound to a set of builtin gateway dataplanes. Each builtin dataplane instance can host exactly one Gateway proxy configuration. Gateway aligns with the Kubernetes Gateway API v1alpha2. See that spec for detailed documentation." + }, + "kuma.mesh.v1alpha1.MeshGateway.Conf": { + "properties": { + "listeners": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener" + }, + "type": "array", + "description": "Listeners define logical endpoints that are bound on this MeshGateway's address(es)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the desired state of MeshGateway. Aligns with MeshGatewaySpec." + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener": { + "properties": { + "hostname": { + "type": "string", + "description": "Hostname specifies the virtual hostname to match for protocol types that define this concept. 
When unspecified, \"\", or `*`, all hostnames are matched. This field can be omitted for protocols that don't require hostname based matching." + }, + "port": { + "type": "integer", + "description": "Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules." + }, + "protocol": { + "enum": [ + "NONE", + 0, + "TCP", + 1, + "UDP", + 2, + "TLS", + 3, + "HTTP", + 4, + "HTTPS", + 5 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Conf", + "additionalProperties": true, + "description": "TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\" and ignored otherwise." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags specifies a unique combination of tags that routes can use to match themselves to this listener. When matching routes to listeners, the control plane constructs a set of matching tags for each listener by forming the union of the gateway tags and the listener tags. A route will be attached to the listener if all of the route's tags are preset in the matching tags" + }, + "crossMesh": { + "type": "boolean", + "description": "CrossMesh enables traffic to flow to this listener only from other meshes." + }, + "resources": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener.Resources", + "additionalProperties": true, + "description": "Resources is used to specify listener-specific resource settings." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener" + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener.Resources": { + "properties": { + "connection_limit": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Resources" + }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Conf": { + "properties": { + "mode": { + "enum": [ + "NONE", + 0, + "TERMINATE", + 1, + "PASSTHROUGH", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "certificates": { + "items": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource" + }, + "type": "array", + "description": "Certificates is an array of datasources that contain TLS certificates and private keys. Each datasource must contain a sequence of PEM-encoded objects. The server certificate and private key are required, but additional certificates are allowed and will be added to the certificate chain. The server certificate must be the first certificate in the datasource. When multiple certificate datasources are configured, they must have different key types. In practice, this means that one datasource should contain an RSA key and certificate, and the other an ECDSA key and certificate." + }, + "options": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Options", + "additionalProperties": true, + "description": "Options should eventually configure how TLS is configured. This is where cipher suite and version configuration can be specified, client certificates enforced, and so on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Aligns with MeshGatewayTLSConfig." 
+ }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Options": { + "additionalProperties": true, + "type": "object", + "title": "Options", + "description": "TODO(jpeach)" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." + }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." + }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/MeshGatewayRoute.json b/app/assets/2.1.x/raw/protos/MeshGatewayRoute.json new file mode 100644 index 000000000..4ef7992a7 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/MeshGatewayRoute.json 
@@ -0,0 +1,434 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGatewayRoute", + "definitions": { + "MeshGatewayRoute": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is used to match this resource to MeshGateway listener." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Conf", + "additionalProperties": true, + "description": "Conf specifies the route configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway Route" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Backend": { + "properties": { + "weight": { + "type": "integer", + "description": "Weight is the proportion of requests this backend will receive when a forwarding rules specifies multiple backends. Traffic weight is computed as \"weight/sum(all weights)\". A weight of 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Destination is a selector to match the individual endpoints to which the gateway will forward." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Backend", + "description": "Backend selects a target for HTTP request forwarding." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Conf": { + "properties": { + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute", + "additionalProperties": true, + "title": "TlsRoute tls = 3;", + "description": "TlsRoute tls = 3;" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Hostnames lists the server names for which this route is valid. The hostnames are matched against the TLS Server Name Indication extension if this is a TLS session. They are also matched against the HTTP host (authority) header in the client's HTTP request." + }, + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule" + }, + "type": "array", + "description": "Rules specifies how the gateway should match and process HTTP requests." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Route", + "description": "HTTP routes are valid for listeners that accept HTTP/1.1 and HTTP/2 over both TCP and TLS." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter": { + "properties": { + "request_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + }, + "mirror": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror", + "additionalProperties": true + }, + "redirect": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect", + "additionalProperties": true + }, + "rewrite": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + }, + "response_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter": { + "properties": { + "set": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "remove": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror": { + "properties": { + "backend": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend", + "additionalProperties": true, + "description": "Backend denotes the service to which requests will be mirrored. 
The \"weight\" field must not be given." + }, + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage specifies the percentage of requests to mirror to the backend (in the range 0.0 - 100.0, inclusive)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mirror", + "description": "The mirror filter sends a percentage of HTTP requests to the given backend. The gateway ignores any responses to these requests." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect": { + "properties": { + "scheme": { + "type": "string", + "description": "The scheme for the redirect URL. Usually \"http\" or \"https\"." + }, + "hostname": { + "type": "string", + "description": "The hostname to redirect to." + }, + "port": { + "type": "integer", + "description": "The port to redirect to." + }, + "status_code": { + "type": "integer", + "description": "The HTTP response status code. This must be in the range 300 - 308." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Redirect", + "description": "The redirect filter responds to the HTTP request immediately, without forwarding it to any backend. The response is a HTTP redirect message." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite": { + "properties": { + "replace_full": { + "type": "string" + }, + "replace_prefix_match": { + "type": "string", + "description": "Note that rewriting \"/prefix\" to \"/\" will do the right thing: - the path \"/prefix\" is rewritten to \"/\" - the path \"/prefix/rest\" is rewritten to \"/rest\"" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rewrite" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path", + "additionalProperties": true + }, + "method": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header" + }, + "type": "array" + }, + "query_parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match specifies the criteria for when a HTTP request matches a rule. The match is only considered successful if all of the specified conditions succeed (AND semantics). At least one match condition must be given." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1, + "ABSENT", + 2, + "PRESENT", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the HTTP header containing the value to match." 
+ }, + "value": { + "type": "string", + "description": "Value that the HTTP header value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header", + "description": "Header matches a value in a HTTP request header. Not that if the header is defined to have multiple values, a REGEX match must be used to match a specific value." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "PREFIX", + 1, + "REGEX", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "value": { + "minLength": 1, + "type": "string", + "description": "Value is the path to match against. For EXACT and PREFIX match types, it must be a HTTP URI path. For the REGEX match type, it must be a RE2 regular expression. Note that a PREFIX match succeeds only if the prefix is the the entire path or is followed by a /. I.e. a prefix of the path in terms of path elements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path matches may be \"EXACT\", \"PREFIX\", or \"REGEX\" matches. If the match type is not specified, \"EXACT\" is the default." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the query parameter containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the query parameter value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Query", + "description": "Query matches against HTTP request query parameters." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule": { + "properties": { + "matches": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match" + }, + "type": "array", + "description": "Matches are checked in order. If any match is successful, the rule is selected (OR semantics)." + }, + "filters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter" + }, + "type": "array", + "description": "Filters are request processing steps that are applied to matched requests. If the redirect filter is specified, it must be the only filter given." + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array", + "description": "Backends is the set of services to which the gateway will forward requests. If a redirect filter is specified, no backends are allowed. Otherwise, at least one backend must be given." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute": { + "properties": { + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Route", + "description": "TCP routes are valid for listeners that accept connections over TCP." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule": { + "properties": { + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule", + "description": "repeated Match matches = 1;" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/MeshInsight.json b/app/assets/2.1.x/raw/protos/MeshInsight.json new file mode 100644 index 000000000..36b0d45fc --- /dev/null +++ b/app/assets/2.1.x/raw/protos/MeshInsight.json 
@@ -0,0 +1,153 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshInsight", + "definitions": { + "MeshInsight": { + "properties": { + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "policies": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.PolicyStat", + "additionalProperties": true + }, + "type": "object" + }, + "dpVersions": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DpVersions", + "additionalProperties": true + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.MTLS", + "additionalProperties": true, + "description": "mTLS statistics" + }, + "services": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.ServiceStat", + "additionalProperties": true + }, + "dataplanesByType": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplanesByType", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Insight", + "description": "MeshInsight defines the observed state of a Mesh." 
+ }, + "kuma.mesh.v1alpha1.MeshInsight.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + }, + "partially_degraded": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat", + "description": "DataplaneStat defines statistic specifically for Dataplane" + }, + "kuma.mesh.v1alpha1.MeshInsight.DataplanesByType": { + "properties": { + "standard": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplanes By Type", + "description": "DataplanesByType defines statistics splitted by dataplane types" + }, + "kuma.mesh.v1alpha1.MeshInsight.DpVersions": { + "properties": { + "kumaDp": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by KumaDP version" + }, + "envoy": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by Envoy version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Versions", + "description": "DpVersions defines statistics grouped by dataplane versions" + }, + "kuma.mesh.v1alpha1.MeshInsight.MTLS": { + "properties": { + "issuedBackends": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by issued backends." 
+ }, + "supportedBackends": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by supported backends." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS" + }, + "kuma.mesh.v1alpha1.MeshInsight.PolicyStat": { + "properties": { + "total": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Policy Stat", + "description": "PolicyStat defines statistic for all policies in general" + }, + "kuma.mesh.v1alpha1.MeshInsight.ServiceStat": { + "properties": { + "total": { + "type": "integer" + }, + "internal": { + "type": "integer" + }, + "external": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Stat", + "description": "ServiceStat defines statistics of mesh services" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Message.json b/app/assets/2.1.x/raw/protos/Message.json new file mode 100644 index 000000000..f8fd4b1df --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Message.json 
@@ -0,0 +1,789 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Message", + "definitions": { + "Message": { + "properties": { + "legacy_request": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryRequest", + "additionalProperties": true + }, + "legacy_response": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryResponse", + "additionalProperties": true + }, + "request": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryRequest", + "additionalProperties": true + }, + "response": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryResponse", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Message" + }, + "envoy.api.v2.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.api.v2.core.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. 
The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_api_msg_DiscoveryResponse\u003e` failed to update configuration. The *message* field in *error_details* provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 7]" + }, + "envoy.api.v2.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." 
+ }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. 
Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. 
When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. - Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.api.v2.core.ControlPlane", + "additionalProperties": true, + "description": "[#not-implemented-hide:] The control plane instance that sent the response." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.api.v2.core.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.api.v2.core.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.api.v2.core.Pipe", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.api.v2.core.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.api.v2.core.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.api.v2.core.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. 
envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 6]" + }, + "envoy.api.v2.core.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_api_field_core.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_api_field_endpoint.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. 
`Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.api.v2.core.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_api_field_core.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_api_msg_config.bootstrap.v2.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." 
+ }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "locality": { + "$ref": "#/definitions/envoy.api.v2.core.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "build_version": { + "type": "string", + "description": "This is motivated by informing a management server during canary which version of Envoy is being tested in a heterogeneous fleet. This will be set by Envoy in management server RPCs. This field is deprecated in favor of the user_agent_name and user_agent_version values." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example `com.acme.feature`. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 12]" + }, + "envoy.api.v2.core.Pipe": { + "properties": { + "path": { + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.api.v2.core.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_api_msg_listener.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_api_msg_core.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_api_msg_Cluster\u003e`, the cluster type determines whether the address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.config.core.v3.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.config.core.v3.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.config.core.v3.Pipe", + "additionalProperties": true + }, + "envoy_internal_address": { + "$ref": "#/definitions/envoy.config.core.v3.EnvoyInternalAddress", + "additionalProperties": true, + "description": "Specifies a user-space address handled by :ref:`internal listeners \u003cenvoy_v3_api_field_config.listener.v3.Listener.internal_listener\u003e`." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.config.core.v3.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.v3.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.config.core.v3.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.config.core.v3.EnvoyInternalAddress": { + "properties": { + "server_listener_name": { + "type": "string", + "description": "Specifies the :ref:`name \u003cenvoy_v3_api_field_config.listener.v3.Listener.name\u003e` of the internal listener." + }, + "endpoint_id": { + "type": "string", + "description": "Specifies an endpoint identifier to distinguish between multiple endpoints for the same internal listener in a single upstream pool. Only used in the upstream addresses for tracking changes to individual endpoints. This, for example, may be set to the final destination IP for the target internal listener." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Internal Address", + "description": "The address represents an envoy internal listener. [#comment: TODO(asraa): When address available, remove workaround from test/server/server_fuzz_test.cc:30.]" + }, + "envoy.config.core.v3.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] 
[#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + }, + "type_urls": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Type URLs of extension configuration protos." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 7]" + }, + "envoy.config.core.v3.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_v3_api_field_config.core.v3.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. `Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.config.core.v3.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_v3_api_msg_config.bootstrap.v3.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "dynamic_parameters": { + "additionalProperties": { + "$ref": "#/definitions/xds.core.v3.ContextParams", + "additionalProperties": true + }, + "type": "object", + "description": "Map from xDS resource type URL to dynamic context parameters. 
These may vary at runtime (unlike other fields in this message). For example, the xDS client may have a shard identifier that changes during the lifetime of the xDS client. In Envoy, this would be achieved by updating the dynamic context on the Server::Instance's LocalInfo context provider. The shard ID dynamic parameter then appears in this field during future discovery requests." + }, + "locality": { + "$ref": "#/definitions/envoy.config.core.v3.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example ``com.acme.feature``. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress ``(0.0.0.0,80)``. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 13]" + }, + "envoy.config.core.v3.Pipe": { + "properties": { + "path": { + "minLength": 1, + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.config.core.v3.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "minLength": 1, + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_v3_api_msg_config.listener.v3.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_v3_api_msg_config.core.v3.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_v3_api_msg_config.cluster.v3.Cluster\u003e`, the cluster type determines whether the address must be an IP (``STATIC`` or ``EDS`` clusters) or a hostname resolved by DNS (``STRICT_DNS`` or ``LOGICAL_DNS`` clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with ``STRICT_DNS`` or ``LOGICAL_DNS`` will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.config.core.v3.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "resource_locators": { + "items": { + "$ref": "#/definitions/envoy.service.discovery.v3.ResourceLocator" + }, + "type": "array", + "description": "[#not-implemented-hide:] Alternative to ``resource_names`` field that allows specifying dynamic parameters along with each resource name. Clients that populate this field must be able to handle responses from the server where resources are wrapped in a Resource message. Note that it is legal for a request to have some resources listed in ``resource_names`` and others in ``resource_locators``." 
+ }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_v3_api_msg_service.discovery.v3.DiscoveryResponse\u003e` failed to update configuration. The ``message`` field in ``error_details`` provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Request", + "description": "A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 8]" + }, + "envoy.service.discovery.v3.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." + }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. 
The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. 
- Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.config.core.v3.ControlPlane", + "additionalProperties": true, + "description": "The control plane instance that sent the response." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.ResourceLocator": { + "properties": { + "name": { + "type": "string", + "description": "The resource name to subscribe to." + }, + "dynamic_parameters": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "A set of dynamic parameters used to match against the dynamic parameter constraints on the resource. This allows clients to select between multiple variants of the same resource." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] Specifies a resource to be subscribed to." + }, + "envoy.type.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic Version]", + "description": "[#protodoc-title: Semantic Version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "envoy.type.v3.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic version]", + "description": "[#protodoc-title: Semantic version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "google.rpc.Status": { + "properties": { + "code": { + "type": "integer", + "description": "The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]." + }, + "message": { + "type": "string", + "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client." + }, + "details": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. 
This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Status", + "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. 
You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors)." + }, + "xds.core.v3.ContextParams": { + "properties": { + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Context Params", + "description": "Additional parameters that can be used to select resource variants. These include any global context parameters, per-resource type client feature capabilities and per-resource type functional attributes. All per-resource type attributes will be `xds.resource.` prefixed and some of these are documented below: `xds.resource.listening_address`: The value is \"IP:port\" (e.g. \"10.1.1.3:8080\") which is the listening address of a Listener. Used in a Listener resource query." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Metrics.json b/app/assets/2.1.x/raw/protos/Metrics.json new file mode 100644 index 000000000..b3f79fe30 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Metrics.json 
@@ -0,0 +1,46 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Metrics", + "definitions": { + "Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/MetricsBackend.json b/app/assets/2.1.x/raw/protos/MetricsBackend.json new file mode 100644 index 000000000..7ad44ef4b --- /dev/null +++ b/app/assets/2.1.x/raw/protos/MetricsBackend.json 
@@ -0,0 +1,27 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MetricsBackend", + "definitions": { + "MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Networking.json b/app/assets/2.1.x/raw/protos/Networking.json new file mode 100644 index 000000000..771fcb1fc --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Networking.json @@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Networking", + "definitions": { + "Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + "passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/PrometheusAggregateMetricsConfig.json b/app/assets/2.1.x/raw/protos/PrometheusAggregateMetricsConfig.json new file mode 100644 index 000000000..4e5a51414 
--- /dev/null +++ b/app/assets/2.1.x/raw/protos/PrometheusAggregateMetricsConfig.json @@ -0,0 +1,35 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusAggregateMetricsConfig", + "definitions": { + "PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." + }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." + }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/PrometheusEnvoyConfig.json b/app/assets/2.1.x/raw/protos/PrometheusEnvoyConfig.json new file mode 100644 index 000000000..a438ec589 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/PrometheusEnvoyConfig.json 
@@ -0,0 +1,23 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusEnvoyConfig", + "definitions": { + "PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/PrometheusMetricsBackendConfig.json b/app/assets/2.1.x/raw/protos/PrometheusMetricsBackendConfig.json new file mode 100644 index 000000000..895e6d014 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/PrometheusMetricsBackendConfig.json 
@@ -0,0 +1,92 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusMetricsBackendConfig", + "definitions": { + "PrometheusMetricsBackendConfig": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this dataplane is deployed next to, e.g. service=web, version=1.0. `service` tag is mandatory." + }, + "skipMTLS": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then endpoints for scraping metrics won't require mTLS even if mTLS is enabled in Mesh. If nil, then it is treated as false." + }, + "aggregate": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig" + }, + "type": "array", + "description": "Map with the configuration of applications which metrics are going to be scrapped by kuma-dp." + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusEnvoyConfig", + "additionalProperties": true, + "description": "Configuration of Envoy's metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Metrics Backend Config", + "description": "PrometheusMetricsBackendConfig defines configuration of Prometheus backend" + }, + "kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." + }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." 
+ }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + }, + "kuma.mesh.v1alpha1.PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ProxyTemplate.json b/app/assets/2.1.x/raw/protos/ProxyTemplate.json new file mode 100644 index 000000000..047ef6f39 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ProxyTemplate.json 
@@ -0,0 +1,339 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplate", + "definitions": { + "ProxyTemplate": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of Dataplane selectors." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Conf", + "additionalProperties": true, + "description": "Configuration for ProxyTemplate" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template", + "description": "ProxyTemplate defines the desired state of ProxyTemplate" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Conf": { + "properties": { + "imports": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of imported profiles. +optional" + }, + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + }, + "modifications": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications" + }, + "type": "array", + "description": "List of config modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications": { + "properties": { + "cluster": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster", + "additionalProperties": true, + "description": "Cluster modification" + }, + "listener": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener", + "additionalProperties": true, + "description": "Listener modification" + }, + "networkFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter", + "additionalProperties": true, + "description": "Network Filter modification" + }, + "httpFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter", + "additionalProperties": true, + "description": "HTTP Filter modification" + }, + "virtualHost": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost", + "additionalProperties": true, + "description": "Virtual Host modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modifications", + "description": "Modifications to xDS config generated by Proxy Template" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match", + "additionalProperties": true, + "description": "Only clusters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a cluster (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Cluster", + "description": "Cluster 
defines modifications to generated clusters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. (inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the cluster to match" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for cluster" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match", + "additionalProperties": true, + "description": "Only HTTP filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS HTTP filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Filter", + "description": "HttpFilter defines modifications to generated HTTP filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that http filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for http filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match", + "additionalProperties": true, + "description": "Only listeners that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a listener (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS listener" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener", + "description": "Listener defines modification to generated listeners" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the listener to match" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for listener" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match", + "additionalProperties": true, + "description": "Only network filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS network filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Network Filter", + "description": "Listener defines modification to generated network filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that network filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for network filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match", + "additionalProperties": true, + "description": "Only virtual hosts that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a virtual hosts (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS virtual host" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Host", + "description": "VirtualHost defines modification to generated virtual hosts" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the virtual host to match" + }, + "routeConfigurationName": { + "type": "string", + "description": "Name of the route configuration" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for virtual host" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ProxyTemplateProfileSource.json b/app/assets/2.1.x/raw/protos/ProxyTemplateProfileSource.json new file mode 100644 index 000000000..e6e130768 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ProxyTemplateProfileSource.json 
@@ -0,0 +1,24 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateProfileSource", + "definitions": { + "ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ProxyTemplateRawResource.json b/app/assets/2.1.x/raw/protos/ProxyTemplateRawResource.json new file mode 100644 index 000000000..a990ff764 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ProxyTemplateRawResource.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawResource", + "definitions": { + "ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ProxyTemplateRawSource.json b/app/assets/2.1.x/raw/protos/ProxyTemplateRawSource.json new file mode 100644 index 000000000..c7ac8bb49 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ProxyTemplateRawSource.json 
@@ -0,0 +1,39 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawSource", + "definitions": { + "ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ProxyTemplateSource.json b/app/assets/2.1.x/raw/protos/ProxyTemplateSource.json new file mode 100644 index 000000000..d5a244749 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ProxyTemplateSource.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateSource", + "definitions": { + "ProxyTemplateSource": { + "properties": { + "name": { + "type": "string", + "description": "Name of a configuration source. +optional" + }, + "profile": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateProfileSource", + "additionalProperties": true, + "description": "Profile, e.g. `default-proxy`. +optional" + }, + "raw": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawSource", + "additionalProperties": true, + "description": "Raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/RateLimit.json b/app/assets/2.1.x/raw/protos/RateLimit.json new file mode 100644 index 000000000..afb09cba1 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/RateLimit.json 
@@ -0,0 +1,120 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/RateLimit", + "definitions": { + "RateLimit": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that rate limit will be applied for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be rate limited." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf", + "additionalProperties": true, + "description": "Configuration for RateLimit +required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http", + "additionalProperties": true, + "description": "The HTTP RateLimit configuration +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http": { + "properties": { + "requests": { + "type": "integer", + "description": "The number of HTTP requests this RateLimiter allows +required" + }, + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The the interval for which `requests` will be accounted. 
+required", + "format": "regex" + }, + "onRateLimit": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit", + "additionalProperties": true, + "description": "Describes the actions to take on RatelLimiter event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit": { + "properties": { + "status": { + "additionalProperties": true, + "type": "integer", + "description": "The HTTP status code to be set on a RateLimit event +optional" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue" + }, + "type": "array", + "description": "The Headers to be added to the HTTP response on a RateLimit event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "On Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +optional" + }, + "value": { + "type": "string", + "description": "Header value +optional" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "Should the header be appended +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Retry.json b/app/assets/2.1.x/raw/protos/Retry.json new file mode 100644 index 000000000..913d8f6b2 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Retry.json 
@@ -0,0 +1,224 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Retry", + "definitions": { + "Retry": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that retry policy should be configured for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf", + "additionalProperties": true, + "description": "+required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Retry" + }, + "kuma.mesh.v1alpha1.Retry.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Http", + "additionalProperties": true + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Tcp", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Grpc", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Retry.Conf.BackOff": { + "properties": { + "base_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+required", + "format": "regex" + }, + "max_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Back Off" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Grpc": { + "properties": { + "retry_on": { + "items": { + "enum": [ + "cancelled", + 0, + "deadline_exceeded", + 1, + "internal", + 2, + "resource_exhausted", + 3, + "unavailable", + 4 + ] + }, + "type": "array", + "title": "Retry On" + }, + "num_retries": { + 
"additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Http": { + "properties": { + "num_retries": { + "additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + }, + "retriable_status_codes": { + "items": { + "type": "integer" + }, + "type": "array", + "description": "+optional" + }, + "retriable_methods": { + "items": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ] + }, + "type": "array", + "title": "Http Method" + }, + "retry_on": { + "items": { + "enum": [ + "all_5xx", + 0, + "gateway_error", + 1, + "reset", + 2, + "connect_failure", + 3, + "envoy_ratelimited", + 4, + "retriable_4xx", + 5, + "refused_stream", + 6, + "retriable_status_codes", + 7, + "retriable_headers", + 8, + "http3_post_connect_failure", + 9 + ] + }, + "type": "array", + "title": "Http Retry On", + "description": "These options correspond with the retry_on options in Envoy's documentation: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + 
"kuma.mesh.v1alpha1.Retry.Conf.Tcp": { + "properties": { + "max_connect_attempts": { + "type": "integer", + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Routing.json b/app/assets/2.1.x/raw/protos/Routing.json new file mode 100644 index 000000000..858a02b0b --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Routing.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Routing", + "definitions": { + "Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Selector.json b/app/assets/2.1.x/raw/protos/Selector.json new file mode 100644 index 000000000..91f0fe4af --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Selector.json 
@@ -0,0 +1,21 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Selector", + "definitions": { + "Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ServiceInsight.json b/app/assets/2.1.x/raw/protos/ServiceInsight.json new file mode 100644 index 000000000..21a33e559 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ServiceInsight.json 
@@ -0,0 +1,100 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ServiceInsight", + "definitions": { + "ServiceInsight": { + "properties": { + "services": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service", + "additionalProperties": true + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Insight" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service": { + "properties": { + "status": { + "enum": [ + "none", + 0, + "offline", + 1, + "partially_degraded", + 2, + "online", + 3, + "not_available", + 4 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Status" + }, + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat", + "additionalProperties": true + }, + "issuedBackends": { + "additionalProperties": { + "type": "integer" + }, + "type": "object" + }, + "serviceType": { + "enum": [ + "internal", + 0, + "external", + 1, + "gateway_delegated", + 2, + "gateway_builtin", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Type" + }, + "addressPort": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/StatsRequest.json b/app/assets/2.1.x/raw/protos/StatsRequest.json new file mode 100644 index 000000000..a94577050 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/StatsRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsRequest", + "definitions": { + "StatsRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp stats request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp stats request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Request", + "description": "StatsRequest is a request for kuma-dp stats that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/StatsResponse.json b/app/assets/2.1.x/raw/protos/StatsResponse.json new file mode 100644 index 000000000..e64f5f98c --- /dev/null +++ b/app/assets/2.1.x/raw/protos/StatsResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsResponse", + "definitions": { + "StatsResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp stats request." + }, + "stats": { + "type": "string", + "description": "The stats content that is a successful result of kuma-dp stats execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Response", + "description": "StatsResponse is a response containing result of kuma-dp stats execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/TcpLoggingBackendConfig.json b/app/assets/2.1.x/raw/protos/TcpLoggingBackendConfig.json new file mode 100644 index 000000000..ce4ae7037 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/TcpLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TcpLoggingBackendConfig", + "definitions": { + "TcpLoggingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address to TCP service that will receive logs" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Logging Backend Config", + "description": "TcpLoggingBackendConfig defines configuration for TCP based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Timeout.json b/app/assets/2.1.x/raw/protos/Timeout.json new file mode 100644 index 000000000..e6d1694c2 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Timeout.json 
@@ -0,0 +1,138 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Timeout", + "definitions": { + "Timeout": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Timeout" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.Timeout.Conf": { + "properties": { + "connect_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "ConnectTimeout defines time to establish connection", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Http", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Grpc", + "additionalProperties": true, + "description": "Deprecated: set parameters through Http section" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Grpc": { + "properties": { + "stream_idle_timeout": { + "pattern": 
"^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity Deprecated: use Http.StreamIdleTimeout instead", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span Deprecated: use Http.MaxStreamDuration instead", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc", + "description": "Grpc defines timeouts that are applied when the protocol is GRPC" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Http": { + "properties": { + "request_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "RequestTimeout is a span between the point at which the entire downstream request (i.e. end-of-stream) has been processed and when the upstream response has been completely processed", + "format": "regex" + }, + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is the time at which a downstream or upstream connection will be terminated if there are no active streams", + "format": "regex" + }, + "stream_idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines timeouts that are applied when the protocol is HTTP" + }, + 
"kuma.mesh.v1alpha1.Timeout.Conf.Tcp": { + "properties": { + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is defined as the period in which there are no bytes sent or received on either the upstream or downstream connection", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines timeouts that are applied when the protocol is TCP" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Tracing.json b/app/assets/2.1.x/raw/protos/Tracing.json new file mode 100644 index 000000000..b7cc2dbef --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Tracing.json 
@@ -0,0 +1,51 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Tracing", + "definitions": { + "Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/TracingBackend.json b/app/assets/2.1.x/raw/protos/TracingBackend.json new file mode 100644 index 000000000..4bf433707 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/TracingBackend.json 
@@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TracingBackend", + "definitions": { + "TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/TrafficLog.json b/app/assets/2.1.x/raw/protos/TrafficLog.json new file mode 100644 index 000000000..62a817926 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/TrafficLog.json 
@@ -0,0 +1,60 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficLog", + "definitions": { + "TrafficLog": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficLog.Conf", + "additionalProperties": true, + "description": "Configuration of the logging." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Log", + "description": "TrafficLog defines log for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficLog.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the logging." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/TrafficPermission.json b/app/assets/2.1.x/raw/protos/TrafficPermission.json new file mode 100644 index 000000000..5c9068126 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/TrafficPermission.json 
@@ -0,0 +1,43 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficPermission", + "definitions": { + "TrafficPermission": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Permission", + "description": "TrafficPermission defines permission for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/TrafficRoute.json b/app/assets/2.1.x/raw/protos/TrafficRoute.json new file mode 100644 index 000000000..c10979152 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/TrafficRoute.json 
@@ -0,0 +1,390 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficRoute", + "definitions": { + "TrafficRoute": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match data plane proxies that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic. Notice the difference between sources and destinations. While the source of traffic is always a data plane proxy within a mesh, the destination is a service that could be either within or outside of a mesh." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Conf", + "additionalProperties": true, + "description": "Configuration for the route." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Route", + "description": "TrafficRoute defines routing rules for the traffic in the mesh." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Conf": { + "properties": { + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." 
+ }, + "load_balancer": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer", + "additionalProperties": true, + "description": "Load balancer configuration for given \"split\" or \"destination\"" + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + }, + "http": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http" + }, + "type": "array", + "description": "Configuration of HTTP traffic. Traffic is matched one by one with the order defined in the list. If the request does not match any criteria then \"split\" or \"destination\" outside of \"http\" section is executed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the destination configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match", + "additionalProperties": true, + "description": "If request matches against defined criteria then \"split\" or \"destination\" is executed." + }, + "modify": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify", + "additionalProperties": true, + "description": "Modifications to the traffic matched by the match section." + }, + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines configuration for HTTP traffic." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match": { + "properties": { + "method": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Method matches method of HTTP request." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Path matches HTTP path." + }, + "headers": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true + }, + "type": "object", + "description": "Headers match HTTP request headers." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines a series of matching criteria to apply modification and reroute the traffic." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher": { + "properties": { + "prefix": { + "type": "string", + "description": "Prefix matches the string against defined prefix." + }, + "exact": { + "type": "string", + "description": "Exact checks that strings are equal to each other." + }, + "regex": { + "type": "string", + "description": "Regex checks the string using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + } + }, + "additionalProperties": true, + "type": "object", + "title": "String Matcher", + "description": "StringMatcher matches the string value." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path", + "additionalProperties": true, + "description": "Path modifications." + }, + "host": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host", + "additionalProperties": true, + "description": "Host modifications." 
+ }, + "requestHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Request headers modifications." + }, + "responseHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Response headers modifications." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modify", + "description": "Modify defines modifications of matched HTTP messages." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers": { + "properties": { + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add" + }, + "type": "array", + "description": "List of add header operations." + }, + "remove": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove" + }, + "type": "array", + "description": "List of remove header operations." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Headers", + "description": "Headers defines modification of HTTP headers." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header." + }, + "value": { + "type": "string", + "description": "Value of the header." + }, + "append": { + "type": "boolean", + "description": "If true, it appends the value if there is already a value. Otherwise, value of existing header will be replaced." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Add", + "description": "Add defines operation of adding new HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header to remove." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Remove", + "description": "Remove defines operation of removing an HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host": { + "properties": { + "value": { + "type": "string", + "description": "Value replaces the host header with given value." + }, + "fromPath": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "FromPath replaces the host header from path using regex." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Host", + "description": "Host defines modification of the HTTP Host header" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path": { + "properties": { + "rewritePrefix": { + "type": "string", + "description": "RewritePrefix rewrites previously matched prefix in match section." + }, + "regex": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "Regex rewrites prefix using regex with substitution." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path defines modification of path of the HTTP request." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace": { + "properties": { + "pattern": { + "type": "string", + "description": "Pattern of the regex using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + }, + "substitution": { + "type": "string", + "description": "Substitution using regex groups. E.g. use \\\\1 as a first matched group." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Regex Replace", + "description": "RegexReplace defines a way to match string using regex and build a new one using substitution section." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer": { + "properties": { + "round_robin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin", + "additionalProperties": true + }, + "least_request": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest", + "additionalProperties": true + }, + "ring_hash": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash", + "additionalProperties": true + }, + "random": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random", + "additionalProperties": true + }, + "maglev": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Load Balancer", + "description": "LoadBalancer defines the load balancing policy and configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest": { + "properties": { + "choice_count": { + "type": "integer", + "description": "The number of random healthy hosts from which the host with the fewest active requests will be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Least Request", + "description": "LeastRequest uses different algorithms depending on whether hosts have the same or different weights." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev": { + "additionalProperties": true, + "type": "object", + "title": "Maglev", + "description": "Maglev implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random": { + "additionalProperties": true, + "type": "object", + "title": "Random", + "description": "Random selects a random available host." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash": { + "properties": { + "hash_function": { + "type": "string", + "description": "The hash function used to hash hosts onto the ketama ring. The value defaults to 'XX_HASH'." + }, + "min_ring_size": { + "type": "string", + "description": "Minimum hash ring size." + }, + "max_ring_size": { + "type": "string", + "description": "Maximum hash ring size." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Ring Hash", + "description": "RingHash implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin": { + "additionalProperties": true, + "type": "object", + "title": "Round Robin", + "description": "RoundRobin is a simple policy in which each available upstream host is selected in round robin order." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Split": { + "properties": { + "weight": { + "additionalProperties": true, + "type": "integer", + "description": "Weight assigned to that destination. Weights are not percentages. For example two destinations with weights the same weight \"1\" will receive both same amount of the traffic. 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Selector to match individual endpoints that comprise that destination. Notice that an endpoint can be either inside or outside the mesh. In the former case an endpoint corresponds to a data plane proxy, in the latter case an endpoint is an External Service." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Split", + "description": "Split defines a destination with a weight assigned to it." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/TrafficTrace.json b/app/assets/2.1.x/raw/protos/TrafficTrace.json new file mode 100644 index 000000000..d4f0859c5 --- /dev/null 
+++ b/app/assets/2.1.x/raw/protos/TrafficTrace.json @@ -0,0 +1,53 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficTrace", + "definitions": { + "TrafficTrace": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficTrace.Conf", + "additionalProperties": true, + "description": "Configuration of the tracing." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Trace", + "description": "TrafficTrace defines trace configuration for selected dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficTrace.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the tracing." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/Version.json b/app/assets/2.1.x/raw/protos/Version.json new file mode 100644 index 000000000..b7fbce902 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/Version.json 
@@ -0,0 +1,79 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Version", + "definitions": { + "Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of 
Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/VirtualOutbound.json b/app/assets/2.1.x/raw/protos/VirtualOutbound.json new file mode 100644 index 000000000..6f79a1ed5 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/VirtualOutbound.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/VirtualOutbound", + "definitions": { + "VirtualOutbound": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that this policy applies to" + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Outbound", + "description": "VirtualOutbound defines how to generate hostname ports combination." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf": { + "properties": { + "host": { + "type": "string", + "description": "Host the gotemplate to generate the hostname from the Parameters map" + }, + "port": { + "type": "string", + "description": "Port the gotemplate to generate the port from the Parameters map" + }, + "parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter" + }, + "type": "array", + "description": "Parameters a mapping between tag keys and template parameter key. This must always contain at least `kuma.io/service`" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter": { + "properties": { + "name": { + "type": "string", + "description": "Name the name of the template parameter (must be alphanumeric)." 
+ }, + "tag_key": { + "type": "string", + "description": "TagKey the name of the tag in the Kuma outbound (optional if absent it will use Name)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Template Parameter", + "description": "A mapping between a template parameter and a dataplane outbound tag name." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/XDSConfigRequest.json b/app/assets/2.1.x/raw/protos/XDSConfigRequest.json new file mode 100644 index 000000000..1ea4641e7 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/XDSConfigRequest.json @@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigRequest", + "definitions": { + "XDSConfigRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute config dump." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute config dump. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Request", + "description": "XDSConfigRequest is a request for XDS Config Dump that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/XDSConfigResponse.json b/app/assets/2.1.x/raw/protos/XDSConfigResponse.json new file mode 100644 index 000000000..d6d64774a --- /dev/null +++ b/app/assets/2.1.x/raw/protos/XDSConfigResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigResponse", + "definitions": { + "XDSConfigResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing XDS Config Dump." + }, + "config": { + "type": "string", + "description": "The XDS Config that is a successful result of XDS Config dump execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Response", + "description": "XDSConfigRequest is a response containing result of XDS Config Dump execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ZipkinTracingBackendConfig.json b/app/assets/2.1.x/raw/protos/ZipkinTracingBackendConfig.json new file mode 100644 index 000000000..ab2dd42ae --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ZipkinTracingBackendConfig.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZipkinTracingBackendConfig", + "definitions": { + "ZipkinTracingBackendConfig": { + "properties": { + "url": { + "type": "string", + "description": "Address of Zipkin collector." + }, + "traceId128bit": { + "type": "boolean", + "description": "Generate 128bit traces. Default: false" + }, + "apiVersion": { + "type": "string", + "description": "Version of the API. values: httpJson, httpJsonV1, httpProto. Default: httpJson see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/trace.proto#envoy-v3-api-enum-config-trace-v3-zipkinconfig-collectorendpointversion" + }, + "sharedSpanContext": { + "additionalProperties": true, + "type": "boolean", + "description": "Determines whether client and server spans will share the same span context. Default: true. https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/zipkin.proto#config-trace-v3-zipkinconfig" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zipkin Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ZoneEgress.json b/app/assets/2.1.x/raw/protos/ZoneEgress.json new file mode 100644 index 000000000..b154ca74f --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ZoneEgress.json 
@@ -0,0 +1,54 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgress", + "definitions": { + "ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ZoneEgressInsight.json b/app/assets/2.1.x/raw/protos/ZoneEgressInsight.json new file mode 100644 index 000000000..9a5e7643e --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ZoneEgressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressInsight", + "definitions": { + "ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ZoneEgressOverview.json b/app/assets/2.1.x/raw/protos/ZoneEgressOverview.json new file mode 100644 index 000000000..7e2fe5983 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ZoneEgressOverview.json 
@@ -0,0 +1,258 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressOverview", + "definitions": { + "ZoneEgressOverview": { + "properties": { + "zoneEgress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress", + "additionalProperties": true + }, + "zoneEgressInsight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Overview", + "description": "ZoneEgressOverview defines the projected state of a ZoneEgress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." 
+ }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ZoneIngress.json b/app/assets/2.1.x/raw/protos/ZoneIngress.json new file mode 100644 index 000000000..0d613e59b --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ZoneIngress.json 
@@ -0,0 +1,95 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngress", + "definitions": { + "ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ZoneIngressInsight.json b/app/assets/2.1.x/raw/protos/ZoneIngressInsight.json new file mode 100644 index 000000000..4c6d25999 --- /dev/null 
+++ b/app/assets/2.1.x/raw/protos/ZoneIngressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressInsight", + "definitions": { + "ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.1.x/raw/protos/ZoneIngressOverview.json b/app/assets/2.1.x/raw/protos/ZoneIngressOverview.json new file mode 100644 index 000000000..5cf6ef549 --- /dev/null +++ b/app/assets/2.1.x/raw/protos/ZoneIngressOverview.json 
@@ -0,0 +1,299 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressOverview", + "definitions": { + "ZoneIngressOverview": { + "properties": { + "zone_ingress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress", + "additionalProperties": true + }, + "zone_ingress_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Overview", + "description": "ZoneIngressOverview defines the projected state of a ZoneIngress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/crds/kuma.io_circuitbreakers.yaml b/app/assets/2.2.x/raw/crds/kuma.io_circuitbreakers.yaml new file mode 100644 index 000000000..5990e8245 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_circuitbreakers.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: circuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: CircuitBreaker + listKind: CircuitBreakerList + plural: circuitbreakers + singular: circuitbreaker + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma CircuitBreaker resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_containerpatches.yaml b/app/assets/2.2.x/raw/crds/kuma.io_containerpatches.yaml new file mode 100644 index 000000000..41da5df68 --- /dev/null 
+++ b/app/assets/2.2.x/raw/crds/kuma.io_containerpatches.yaml 
@@ -0,0 +1,110 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: containerpatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ContainerPatch + listKind: ContainerPatchList + plural: containerpatches + singular: containerpatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ContainerPatch stores a list of patches to apply to init and + sidecar containers. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + type: string + metadata: + type: object + spec: + description: ContainerPatchSpec specifies the options available for a + ContainerPatch + properties: + initPatch: + description: InitPatch specifies jsonpatch to apply to an init container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. 
+ type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + sidecarPatch: + description: SidecarPatch specifies jsonpatch to apply to a sidecar + container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_dataplaneinsights.yaml b/app/assets/2.2.x/raw/crds/kuma.io_dataplaneinsights.yaml new file mode 100644 index 000000000..5d22404d3 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_dataplaneinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: dataplaneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + status: + description: Status is the status the Kuma resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_dataplanes.yaml b/app/assets/2.2.x/raw/crds/kuma.io_dataplanes.yaml new file mode 100644 index 000000000..72c1b9f3d --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_dataplanes.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: dataplanes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Dataplane + listKind: DataplaneList + plural: dataplanes + singular: dataplane + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Dataplane resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_externalservices.yaml b/app/assets/2.2.x/raw/crds/kuma.io_externalservices.yaml new file mode 100644 index 000000000..0cf686d37 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_externalservices.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: externalservices.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ExternalService + listKind: ExternalServiceList + plural: externalservices + singular: externalservice + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ExternalService resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_faultinjections.yaml b/app/assets/2.2.x/raw/crds/kuma.io_faultinjections.yaml new file mode 100644 index 000000000..9e0787cc7 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_faultinjections.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: faultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: FaultInjection + listKind: FaultInjectionList + plural: faultinjections + singular: faultinjection + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma FaultInjection resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_healthchecks.yaml b/app/assets/2.2.x/raw/crds/kuma.io_healthchecks.yaml new file mode 100644 index 000000000..a99e65399 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_healthchecks.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: healthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: HealthCheck + listKind: HealthCheckList + plural: healthchecks + singular: healthcheck + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma HealthCheck resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshaccesslogs.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshaccesslogs.yaml new file mode 100644 index 000000000..6cbb56292 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshaccesslogs.yaml 
@@ -0,0 +1,327 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: Attributes can contain placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + endpoint: + description: Endpoint of OpenTelemetry collector. + An empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: object + required: + - address + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: object + path: + description: Path to a file that logs will be + written to + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: Attributes can contain placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + endpoint: + description: Endpoint of OpenTelemetry collector. + An empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: object + required: + - address + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshcircuitbreakers.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshcircuitbreakers.yaml new file mode 100644 index 000000000..85563711c --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshcircuitbreakers.yaml 
@@ -0,0 +1,652 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshcircuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshCircuitBreaker + listKind: MeshCircuitBreakerList + plural: meshcircuitbreakers + singular: meshcircuitbreaker + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. 
+ Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. 
This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. 
In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' + properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. 
In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. 
In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. 
Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. 
+ format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' 
+ properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. 
+ format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. 
+ type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshes.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshes.yaml new file mode 100644 index 000000000..fb8050368 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshes.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Mesh + listKind: MeshList + plural: meshes + singular: mesh + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Mesh resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshfaultinjections.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshfaultinjections.yaml new file mode 100644 index 000000000..b21d4a0f8 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshfaultinjections.yaml 
@@ -0,0 +1,189 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshfaultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshFaultInjection + listKind: MeshFaultInjectionList + plural: meshfaultinjections + singular: meshfaultinjection + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshFaultInjection + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + http: + description: Http allows to define list of Http faults between + dataplanes. + items: + description: FaultInjection defines the configuration + of faults between dataplanes. 
+ properties: + abort: + description: Abort defines a configuration of not + delivering requests to destination service and replacing + the responses from destination dataplane by predefined + status code + properties: + httpStatus: + description: HTTP status code which will be returned + to source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which abort + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: Delay defines configuration of delaying + a response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which delay + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + value: + description: The duration during which the response + will be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: ResponseBandwidth defines a configuration + to limit the speed of responding to the requests + properties: + limit: + description: Limit is represented by value measure + in gbps, mbps, kbps or bps, e.g. 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which response + bandwidth limit will be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshgatewayconfigs.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshgatewayconfigs.yaml new file mode 100644 index 000000000..a7438351a --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshgatewayconfigs.yaml 
@@ -0,0 +1,204 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshgatewayconfigs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayConfig + listKind: MeshGatewayConfigList + plural: meshgatewayconfigs + singular: meshgatewayconfig + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayConfig holds the configuration of a MeshGateway. A + GatewayClass can refer to a MeshGatewayConfig via parametersRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayConfigSpec specifies the options available for + a Kuma MeshGateway. + properties: + crossMesh: + description: CrossMesh specifies whether listeners configured by this + gateway are cross mesh listeners. + type: boolean + podTemplate: + description: PodTemplate configures the Pod owned by this config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Pod. + properties: + container: + description: Container corresponds to PodSpec.Container + properties: + securityContext: + description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext + properties: + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem corresponds to + PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem + type: boolean + type: object + type: object + securityContext: + description: PodSecurityContext corresponds to PodSpec.SecurityContext + properties: + fsGroup: + description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName corresponds to PodSpec.ServiceAccountName. + type: string + type: object + type: object + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. 
+ type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies a set of Kuma tags that are included in + the MeshGatewayInstance and thus propagated to every Dataplane generated + to serve the MeshGateway. These tags should include a maximum of + one `kuma.io/service` tag. + type: object + type: object + status: + description: MeshGatewayConfigStatus holds information about the status + of the gateway instance. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshgatewayinstances.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshgatewayinstances.yaml new file mode 100644 index 000000000..6a67aa18b --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshgatewayinstances.yaml 
@@ -0,0 +1,331 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshgatewayinstances.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayInstance + listKind: MeshGatewayInstanceList + plural: meshgatewayinstances + singular: meshgatewayinstance + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayInstance represents a managed instance of a dataplane + proxy for a Kuma Gateway. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayInstanceSpec specifies the options available for + a GatewayDataplane. + properties: + podTemplate: + description: PodTemplate configures the Pod owned by this config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Pod. 
+ properties: + container: + description: Container corresponds to PodSpec.Container + properties: + securityContext: + description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext + properties: + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem corresponds to + PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem + type: boolean + type: object + type: object + securityContext: + description: PodSecurityContext corresponds to PodSpec.SecurityContext + properties: + fsGroup: + description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName corresponds to PodSpec.ServiceAccountName. + type: string + type: object + type: object + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. 
+ type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies the Kuma tags that are propagated to the + managed dataplane proxies. These tags should include exactly one + `kuma.io/service` tag, and should match exactly one Gateway resource. + type: object + type: object + status: + description: MeshGatewayInstanceStatus holds information about the status + of the gateway instance. + properties: + conditions: + description: Conditions is an array of gateway instance conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, + if one is present. 
+ properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshgatewayroutes.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshgatewayroutes.yaml new file mode 100644 index 000000000..560588a1d --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshgatewayroutes.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshgateways.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshgateways.yaml new file mode 100644 index 000000000..38af9f6db --- /dev/null 
+++ b/app/assets/2.2.x/raw/crds/kuma.io_meshgateways.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshgateways.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGateway + listKind: MeshGatewayList + plural: meshgateways + singular: meshgateway + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGateway resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshhealthchecks.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshhealthchecks.yaml new file mode 100644 index 000000000..9f435206d --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshhealthchecks.yaml 
@@ -0,0 +1,303 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshhealthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHealthCheck + listKind: MeshHealthCheckList + plural: meshhealthchecks + singular: meshhealthcheck + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHealthCheck resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + alwaysLogHealthCheckFailures: + description: If set to true, health check failure events + will always be logged. If set to false, only the initial + health check failure event will be logged. The default + value is false. + type: boolean + eventLogPath: + description: Specifies the path to the file where Envoy + can log health check events. If empty, no event log will + be written. + type: string + failTrafficOnPanic: + description: If set to true, Envoy will not consider any + hosts when the cluster is in 'panic mode'. Instead, the + cluster will fail all requests as if all hosts are unhealthy. + This can help avoid potentially overwhelming a failing + service. + type: boolean + grpc: + description: GrpcHealthCheck defines gRPC configuration + which will instruct the service the health check will + be made for is a gRPC service. + properties: + authority: + description: The value of the :authority header in the + gRPC health check request, by default name of the + cluster this health check is associated with + type: string + disabled: + description: If true the GrpcHealthCheck is disabled + type: boolean + serviceName: + description: Service name parameter which will be sent + to gRPC service + type: string + type: object + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: Allows to configure panic threshold for Envoy + cluster. 
If not specified, the default is 50%. To disable + panic mode, set to 0%. Either int or decimal represented + as string. + x-kubernetes-int-or-string: true + healthyThreshold: + default: 1 + description: Number of consecutive healthy checks before + considering a host healthy. + format: int32 + type: integer + http: + description: HttpHealthCheck defines HTTP configuration + which will instruct the service the health check will + be made for is an HTTP service. + properties: + disabled: + description: If true the HttpHealthCheck is disabled + type: boolean + expectedStatuses: + description: List of HTTP response statuses which are + considered healthy + items: + format: int32 + type: integer + type: array + path: + default: / + description: The HTTP path which will be requested during + the health check (ie. /health) + type: string + requestHeadersToAdd: + description: The list of HTTP headers which should be + added to each health check request + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + initialJitter: + description: If specified, Envoy will start health checking + after a random time in ms between 0 and initialJitter. + This only applies to the first health check. + type: string + interval: + default: 1m + description: Interval between consecutive health checks. 
+ type: string + intervalJitter: + description: If specified, during every interval Envoy will + add IntervalJitter to the wait time. + type: string + intervalJitterPercent: + description: If specified, during every interval Envoy will + add IntervalJitter * IntervalJitterPercent / 100 to the + wait time. If IntervalJitter and IntervalJitterPercent + are both set, both of them will be used to increase the + wait time. + format: int32 + type: integer + noTrafficInterval: + description: The "no traffic interval" is a special health + check interval that is used when a cluster has never had + traffic routed to it. This lower interval allows cluster + information to be kept up to date, without sending a potentially + large amount of active health checking traffic for no + reason. Once a cluster has been used for traffic routing, + Envoy will shift back to using the standard health check + interval that is defined. Note that this interval takes + precedence over any other. The default value for "no traffic + interval" is 60 seconds. + type: string + reuseConnection: + description: Reuse health check connection between health + checks. Default is true. + type: boolean + tcp: + description: TcpHealthCheck defines configuration for specifying + bytes to send and expected response during the health + check + properties: + disabled: + description: If true the TcpHealthCheck is disabled + type: boolean + receive: + description: List of Base64 encoded blocks of strings + expected as a response. When checking the response, + "fuzzy" matching is performed such that each block + must be found, and in the order specified, but not + necessarily contiguous. If not provided or empty, + checks will be performed as "connect only" and be + marked as successful when TCP connection is successfully + established. 
+ items: + type: string + type: array + send: + description: Base64 encoded content of the message which + will be sent during the health check to the target + type: string + type: object + timeout: + default: 15s + description: Maximum time to wait for a health check response. + type: string + unhealthyThreshold: + default: 5 + description: Number of consecutive unhealthy checks before + considering a host unhealthy. + format: int32 + type: integer + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshhttproutes.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshhttproutes.yaml new file mode 100644 index 000000000..3b9811f77 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshhttproutes.yaml 
@@ -0,0 +1,497 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshhttproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHTTPRoute + listKind: MeshHTTPRouteList + plural: meshhttproutes + singular: meshhttproute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHTTPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To matches destination services of requests and holds + configuration. + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + type: array + filters: + items: + properties: + requestHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestMirror: + properties: + backendRef: + description: TargetRef defines structure + that allows attaching policy to various + objects + properties: + kind: + description: Kind of the referenced + resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future + use to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced + resource. Can only be used with kinds: + `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset + of proxies by tags. Can only be used + with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests to mirror. + If not specified, all requests to the + target cluster will be mirrored. + x-kubernetes-int-or-string: true + required: + - backendRef + type: object + requestRedirect: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. + This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. 
+ \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines parameters used + to modify the path of the incoming request. + The modified path is then used to construct + the location header. When empty, the request + path is used as-is. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + port: + description: Port is the port to be used + in the value of the `Location` header + in the response. When empty, port (if + specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + description: StatusCode is the HTTP status + code to be used in response. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + type: object + responseHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestRedirect + - URLRewrite + - RequestMirror + type: string + urlRewrite: + properties: + hostname: + description: Hostname is the value to be + used to replace the host header value + during forwarding. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines a path rewrite. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + type: object + required: + - type + type: object + type: array + type: object + matches: + items: + properties: + headers: + items: + description: HeaderMatch describes how to select + an HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP + Header to be matched. Name MUST be lower + case as they will be handled with case insensitivity + (See https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. 
+ enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + method: + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + properties: + type: + enum: + - Exact + - Prefix + - RegularExpression + type: string + value: + description: Exact or prefix matches must be + an absolute path. A prefix matches only if + separated by a slash or the entire path. + minLength: 1 + type: string + required: + - type + - value + type: object + queryParams: + description: QueryParams matches based on HTTP URL + query parameters. Multiple matches are ANDed together + such that all listed matches must succeed. + items: + properties: + name: + minLength: 1 + type: string + type: + enum: + - Exact + - RegularExpression + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + type: object + type: array + required: + - default + - matches + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of request destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshinsights.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshinsights.yaml new file mode 100644 index 000000000..fa23c4972 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshinsights.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshInsight + listKind: MeshInsightList + plural: meshinsights + singular: meshinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true 
diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml new file mode 100644 index 000000000..05efec16d --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml 
@@ -0,0 +1,415 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshloadbalancingstrategies.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshLoadBalancingStrategy + listKind: MeshLoadBalancingStrategyList + plural: meshloadbalancingstrategies + singular: meshloadbalancingstrategy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshLoadBalancingStrategy + resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + loadBalancer: + description: LoadBalancer allows to specify load balancing + algorithm. + properties: + leastRequest: + description: LeastRequest selects N random available + hosts as specified in 'choiceCount' (2 by default) + and picks the host which has the fewest active requests + properties: + choiceCount: + description: ChoiceCount is the number of random + healthy hosts from which the host with the fewest + active requests will be chosen. Defaults to 2 + so that Envoy performs two-choice selection if + the field is not set. + format: int32 + minimum: 2 + type: integer + type: object + maglev: + description: Maglev implements consistent hashing to + upstream hosts. Maglev can be used as a drop in replacement + for the ring hash load balancer any place in which + consistent hashing is desired. + properties: + hashPolicies: + description: HashPolicies specify a list of request/connection + properties that are used to calculate a hash. + These hash policies are executed in the specified + order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. 
+ type: boolean + type: object + cookie: + properties: + name: + description: The name of the cookie that + will be used to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for + the cookie. + type: string + ttl: + description: If specified, a cookie with + the TTL will be generated if the cookie + is not present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: The name of the Object in + the per-request filterState, which is + an Envoy::Hashable object. If there + is no data associated with the key, + or the stored object is not Envoy::Hashable, + no hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: The name of the request header + that will be used to obtain the hash + key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: The name of the URL query + parameter that will be used to obtain + the hash key. If the parameter is not + present, no hash will be produced. Query + parameter names are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: 'Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time + when the terminal policy works. If true, + and there is already a hash computed, ignore + rest of the list of hash polices.' + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + tableSize: + description: The table size for Maglev hashing. + Maglev aims for “minimal disruption” rather than + an absolute guarantee. 
Minimal disruption means + that when the set of upstream hosts change, a + connection will likely be sent to the same upstream + as it was before. Increasing the table size reduces + the amount of disruption. The table size must + be prime number limited to 5000011. If it is not + specified, the default is 65537. + format: int32 + maximum: 5000011 + minimum: 1 + type: integer + type: object + random: + description: Random selects a random available host. + The random load balancer generally performs better + than round-robin if no health checking policy is configured. + Random selection avoids bias towards the host in the + set that comes after a failed host. + type: object + ringHash: + description: RingHash implements consistent hashing + to upstream hosts. Each host is mapped onto a circle + (the “ring”) by hashing its address; each request + is then routed to a host by hashing some property + of the request, and finding the nearest corresponding + host clockwise around the ring. + properties: + hashFunction: + description: HashFunction is a function used to + hash hosts onto the ketama ring. The value defaults + to XX_HASH. Available values – XX_HASH, MURMUR_HASH_2. + enum: + - XXHash + - MurmurHash2 + type: string + hashPolicies: + description: HashPolicies specify a list of request/connection + properties that are used to calculate a hash. + These hash policies are executed in the specified + order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. + type: boolean + type: object + cookie: + properties: + name: + description: The name of the cookie that + will be used to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for + the cookie. 
+ type: string + ttl: + description: If specified, a cookie with + the TTL will be generated if the cookie + is not present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: The name of the Object in + the per-request filterState, which is + an Envoy::Hashable object. If there + is no data associated with the key, + or the stored object is not Envoy::Hashable, + no hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: The name of the request header + that will be used to obtain the hash + key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: The name of the URL query + parameter that will be used to obtain + the hash key. If the parameter is not + present, no hash will be produced. Query + parameter names are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: 'Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time + when the terminal policy works. If true, + and there is already a hash computed, ignore + rest of the list of hash polices.' + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + maxRingSize: + description: Maximum hash ring size. Defaults to + 8M entries, and limited to 8M entries, but can + be lowered to further constrain resource use. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + minRingSize: + description: Minimum hash ring size. The larger + the ring is (that is, the more hashes there are + for each provided host) the better the request + distribution will reflect the desired weights. 
+ Defaults to 1024 entries, and limited to 8M entries. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + type: object + roundRobin: + description: RoundRobin is a load balancing algorithm + that distributes requests across available upstream + hosts in round-robin order. + type: object + type: + enum: + - RoundRobin + - LeastRequest + - RingHash + - Random + - Maglev + type: string + required: + - type + type: object + localityAwareness: + description: LocalityAwareness contains configuration for + locality aware load balancing. + properties: + disabled: + description: Disabled allows to disable locality-aware + load balancing. When disabled requests are distributed + across all endpoints regardless of locality. + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshproxypatches.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshproxypatches.yaml new file mode 100644 index 000000000..10fa74e21 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshproxypatches.yaml 
@@ -0,0 +1,504 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshproxypatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshProxyPatch + listKind: MeshProxyPatchList + plural: meshproxypatches + singular: meshproxypatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshProxyPatch resource. + properties: + default: + description: Default is a configuration specific to the group of destinations + referenced in 'targetRef'. + properties: + appendModifications: + description: AppendModifications is a list of modifications applied + on the selected proxy. + items: + properties: + cluster: + description: Cluster is a modification of Envoy's Cluster + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's Cluster resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. 
+ type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the cluster to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched cluster. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + httpFilter: + description: HTTPFilter is a modification of Envoy HTTP + Filter available in HTTP Connection Manager in a Listener + resource. 
+ properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's HTTP Filter available in HTTP + Connection Manager in a Listener resource. + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the HTTP filter. For example + "envoy.filters.http.local_ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. 
For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + listener: + description: Listener is a modification of Envoy's Listener + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's Listener resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the listener to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. 
+ egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + tags: + additionalProperties: + type: string + description: Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + networkFilter: + description: NetworkFilter is a modification of Envoy Listener's + filter. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy Listener's filter. + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the network filter. 
For example + "envoy.filters.network.ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + virtualHost: + description: VirtualHost is a modification of Envoy's VirtualHost + referenced in HTTP Connection Manager in a Listener resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's VirtualHost resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. 
+ x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + routeConfigurationName: + description: Name of the RouteConfiguration resource + to match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + required: + - appendModifications + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - default + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshratelimits.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshratelimits.yaml new file mode 100644 index 000000000..8a0aa46fc --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshratelimits.yaml 
@@ -0,0 +1,227 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRateLimit + listKind: MeshRateLimitList + plural: meshratelimits + singular: meshratelimit + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + local: + description: LocalConf defines local http or/and tcp rate + limit configuration + properties: + http: + description: LocalHTTP defines confguration of local + HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. 
+ type: boolean + onRateLimit: + description: Describes the actions to take on a + rate limit event + properties: + headers: + description: The Headers to be added to the + HTTP response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: The HTTP status code to be set + on a rate limit event + format: int32 + type: integer + type: object + requestRate: + description: Defines how many requests are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: LocalTCP defines confguration of local + TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: Defines how many connections are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: 'Define if rate limiting should be + disabled. Default: false' + type: boolean + type: object + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true 
diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshretries.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshretries.yaml new file mode 100644 index 000000000..1acf4ae7e --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshretries.yaml 
@@ -0,0 +1,397 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshretries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRetry + listKind: MeshRetryList + plural: meshretries + singular: meshretry + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + grpc: + description: GRPC defines a configuration of retries for + GRPC traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries. + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests. + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. + type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. 
If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [Canceled, + DeadlineExceeded, Internal, ResourceExhausted, Unavailable].' + items: + type: string + type: array + type: object + http: + description: HTTP defines a configuration of retries for + HTTP traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + hostSelection: + description: HostSelection is a list of predicates that + dictate how hosts should be selected when requests + are retried. + items: + properties: + predicate: + description: Type is requested predicate mode. + Available values are OmitPreviousHosts, OmitHostsWithTags, + and OmitPreviousPriorities. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of metadata to match + against for selecting the omitted hosts. 
Required + if Type is OmitHostsWithTags + type: object + updateFrequency: + description: UpdateFrequency is how often the + priority load should be updated based on previously + attempted priorities. Used for OmitPreviousPriorities. + Default is 2 if not set. + format: int32 + type: integer + required: + - predicate + type: object + type: array + hostSelectionMaxAttempts: + description: HostSelectionMaxAttempts is the maximum + number of times host selection will be reattempted + before giving up, at which point the host that was + last selected will be routed to. If unspecified, this + will default to retrying once. + format: int64 + type: integer + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. + type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. 
+ maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: RetriableRequestHeaders is an HTTP headers + which must be present in the request for retries to + be attempted. + items: + description: HeaderMatch describes how to select an + HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + retriableResponseHeaders: + description: RetriableResponseHeaders is an HTTP response + headers that trigger a retry if present in the response. + A retry will be triggered if any of the header matches + match the upstream response headers. + items: + description: HeaderMatch describes how to select an + HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. 
+ enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [5XX, GatewayError, + Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, + RefusedStream, Http3PostConnectFailure, HttpMethodConnect, + HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions, + HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + Also, any HTTP status code (500, 503, etc).' + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for + TCP traffic + properties: + maxConnectAttempt: + description: MaxConnectAttempt is a maximal amount of + TCP connection attempts which will be made before + giving up + format: int32 + type: integer + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true 
diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshtimeouts.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshtimeouts.yaml new file mode 100644 index 000000000..9a02dfa36 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshtimeouts.yaml 
@@ -0,0 +1,243 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshtimeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTimeout + listKind: MeshTimeoutList + plural: meshtimeouts + singular: meshtimeout + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. 
Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. 
+ type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshtraces.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshtraces.yaml new file mode 100644 index 000000000..e7ecb2d6d --- /dev/null 
+++ b/app/assets/2.2.x/raw/crds/kuma.io_meshtraces.yaml 
@@ -0,0 +1,213 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshtraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrace + listKind: MeshTraceList + plural: meshtraces + singular: meshtrace + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrace resource. + properties: + default: + description: MeshTrace configuration. + properties: + backends: + description: A one element array of backend definition. Envoy + allows configuring only 1 backend, so the natural way of representing + that would be just one object. Unfortunately due to the reasons + explained in MADR 009-tracing-policy this has to be a one element + array for now. + items: + description: Only one of zipkin, datadog or openTelemetry can + be used. + properties: + datadog: + description: Datadog backend configuration. + properties: + splitService: + description: 'Determines if datadog service name should + be split based on traffic direction and destination. 
+ For example, with `splitService: true` and a `backend` + service that communicates with a couple of databases, + you would get service names like `backend_INBOUND`, + `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` + in Datadog. Default: false' + type: boolean + url: + description: Address of Datadog collector, only host + and port are allowed (no paths, fragments etc.) + type: string + required: + - url + type: object + openTelemetry: + description: OpenTelemetry backend configuration. + properties: + endpoint: + description: Address of OpenTelemetry collector. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + zipkin: + description: Zipkin backend configuration. + properties: + apiVersion: + default: httpJson + description: 'Version of the API. values: httpJson, + httpProto. Default: httpJson see https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66' + enum: + - httpJson + - httpProto + type: string + sharedSpanContext: + description: 'Determines whether client and server spans + will share the same span context. Default: true. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63' + type: boolean + traceId128bit: + description: 'Generate 128bit traces. Default: false' + type: boolean + url: + description: Address of Zipkin collector. + type: string + required: + - url + type: object + type: object + type: array + sampling: + description: Sampling configuration. Sampling is the process by + which a decision is made on whether to process/export a span + or not. + properties: + client: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests that will be force + traced if the ''x-client-trace-id'' header is set. 
Default: + 100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + overall: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests will be traced + after all other sampling checks have been applied (client, + force tracing, random sampling). This field functions as + an upper limit on the total configured sampling rate. For + instance, setting client_sampling to 100% but overall_sampling + to 1% will result in only 1% of client requests with the + appropriate headers to be force traced. Default: 100% Mirror + of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + random: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests that will be randomly + selected for trace generation, if not requested by the client + or not forced. Default: 100% Mirror of random_sampling in + Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + tags: + description: Custom tags configuration. You can add custom tags + to traces based on headers or literal values. + items: + description: Custom tags configuration. Only one of literal + or header can be used. + properties: + header: + description: Tag taken from a header. + properties: + default: + description: Default value to use if header is missing. + If the default is missing and there is no value the + tag will not be included. 
+ type: string + name: + description: Name of the header. + type: string + required: + - name + type: object + literal: + description: Tag taken from literal value. + type: string + name: + description: Name of the tag. + type: string + required: + - name + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_meshtrafficpermissions.yaml b/app/assets/2.2.x/raw/crds/kuma.io_meshtrafficpermissions.yaml new file mode 100644 index 000000000..2b719f883 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_meshtrafficpermissions.yaml 
@@ -0,0 +1,125 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: meshtrafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrafficPermission + listKind: MeshTrafficPermissionList + plural: meshtrafficpermissions + singular: meshtrafficpermission + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrafficPermission + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + action: + description: 'Action defines a behavior for the specified + group of clients:' + enum: + - Allow + - Deny + - AllowWithShadowDeny + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_proxytemplates.yaml b/app/assets/2.2.x/raw/crds/kuma.io_proxytemplates.yaml new file mode 100644 index 000000000..864d96f5e --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_proxytemplates.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: proxytemplates.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ProxyTemplate + listKind: ProxyTemplateList + plural: proxytemplates + singular: proxytemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ProxyTemplate resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_ratelimits.yaml b/app/assets/2.2.x/raw/crds/kuma.io_ratelimits.yaml new file mode 100644 index 000000000..82d4c8c61 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_ratelimits.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: ratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: RateLimit + listKind: RateLimitList + plural: ratelimits + singular: ratelimit + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma RateLimit resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_retries.yaml b/app/assets/2.2.x/raw/crds/kuma.io_retries.yaml new file mode 100644 index 000000000..0b7de7950 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_retries.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: retries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Retry + listKind: RetryList + plural: retries + singular: retry + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Retry resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_serviceinsights.yaml b/app/assets/2.2.x/raw/crds/kuma.io_serviceinsights.yaml new file mode 100644 index 000000000..a7f4f40de --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_serviceinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: serviceinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ServiceInsight + listKind: ServiceInsightList + plural: serviceinsights + singular: serviceinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ServiceInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_timeouts.yaml b/app/assets/2.2.x/raw/crds/kuma.io_timeouts.yaml new file mode 100644 index 000000000..b3053bfd1 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_timeouts.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: timeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Timeout + listKind: TimeoutList + plural: timeouts + singular: timeout + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Timeout resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_trafficlogs.yaml b/app/assets/2.2.x/raw/crds/kuma.io_trafficlogs.yaml new file mode 100644 index 000000000..db227621c --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_trafficlogs.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: trafficlogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficLog + listKind: TrafficLogList + plural: trafficlogs + singular: trafficlog + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficLog resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_trafficpermissions.yaml b/app/assets/2.2.x/raw/crds/kuma.io_trafficpermissions.yaml new file mode 100644 index 000000000..a4a75fef5 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_trafficpermissions.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: trafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_trafficroutes.yaml b/app/assets/2.2.x/raw/crds/kuma.io_trafficroutes.yaml new file mode 100644 index 000000000..30a130203 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_trafficroutes.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: trafficroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficRoute + listKind: TrafficRouteList + plural: trafficroutes + singular: trafficroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_traffictraces.yaml b/app/assets/2.2.x/raw/crds/kuma.io_traffictraces.yaml new file mode 100644 index 000000000..5bec94b28 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_traffictraces.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: traffictraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficTrace + listKind: TrafficTraceList + plural: traffictraces + singular: traffictrace + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficTrace resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_virtualoutbounds.yaml b/app/assets/2.2.x/raw/crds/kuma.io_virtualoutbounds.yaml new file mode 100644 index 000000000..3d1fb6f0b --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_virtualoutbounds.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: virtualoutbounds.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: VirtualOutbound + listKind: VirtualOutboundList + plural: virtualoutbounds + singular: virtualoutbound + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma VirtualOutbound resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_zoneegresses.yaml b/app/assets/2.2.x/raw/crds/kuma.io_zoneegresses.yaml new file mode 100644 index 000000000..65d43e8a5 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_zoneegresses.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: zoneegresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgress + listKind: ZoneEgressList + plural: zoneegresses + singular: zoneegress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_zoneegressinsights.yaml b/app/assets/2.2.x/raw/crds/kuma.io_zoneegressinsights.yaml new file mode 100644 index 000000000..9fb06a25d --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_zoneegressinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: zoneegressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgressInsight + listKind: ZoneEgressInsightList + plural: zoneegressinsights + singular: zoneegressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgressInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_zoneingresses.yaml b/app/assets/2.2.x/raw/crds/kuma.io_zoneingresses.yaml new file mode 100644 index 000000000..38a0f6b1b --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_zoneingresses.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: zoneingresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngress + listKind: ZoneIngressList + plural: zoneingresses + singular: zoneingress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_zoneingressinsights.yaml b/app/assets/2.2.x/raw/crds/kuma.io_zoneingressinsights.yaml new file mode 100644 index 000000000..6bf360145 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_zoneingressinsights.yaml 
@@ -0,0 +1,46 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: zoneingressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngressInsight + listKind: ZoneIngressInsightList + plural: zoneingressinsights + singular: zoneingressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngressInsight + resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_zoneinsights.yaml b/app/assets/2.2.x/raw/crds/kuma.io_zoneinsights.yaml new file mode 100644 index 000000000..7bab4860b --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_zoneinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: zoneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneInsight + listKind: ZoneInsightList + plural: zoneinsights + singular: zoneinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/crds/kuma.io_zones.yaml b/app/assets/2.2.x/raw/crds/kuma.io_zones.yaml new file mode 100644 index 000000000..6bae63852 --- /dev/null +++ b/app/assets/2.2.x/raw/crds/kuma.io_zones.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: zones.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Zone + listKind: ZoneList + plural: zones + singular: zone + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Zone resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.2.x/raw/helm-values.yaml b/app/assets/2.2.x/raw/helm-values.yaml new file mode 100644 index 000000000..50bee6d84 --- /dev/null +++ b/app/assets/2.2.x/raw/helm-values.yaml 
@@ -0,0 +1,709 @@ +global: + image: + # -- Default registry for all Kuma Images + registry: "docker.io/kumahq" + # -- The default tag for all Kuma images, which itself defaults to .Chart.AppVersion + tag: + # -- Add `imagePullSecrets` to all the service accounts used for Kuma components + imagePullSecrets: [] + +# -- Whether to patch the target namespace with the system label +patchSystemNamespace: true + +installCrdsOnUpgrade: + # -- Whether install new CRDs before upgrade (if any were introduced with the new version of Kuma) + enabled: true + # -- The `imagePullSecrets` to attach to the Service Account running CRD installation. + # This field will be deprecated in a future release, please use .global.imagePullSecrets + imagePullSecrets: [] + +# -- Whether to disable all helm hooks +noHelmHooks: false + +controlPlane: + # -- Environment that control plane is run in, useful when running universal global control plane on k8s + environment: "kubernetes" + + # -- Labels to add to resources in addition to default labels + extraLabels: {} + + # -- Kuma CP log level: one of off,info,debug + logLevel: "info" + + # -- Kuma CP modes: one of standalone,zone,global + mode: "standalone" + + # -- (string) Kuma CP zone, if running multizone + zone: + + # -- Only used in `zone` mode + kdsGlobalAddress: "" + + # -- Number of replicas of the Kuma CP. 
Ignored when autoscaling is enabled + replicas: 1 + + # -- Control Plane Pod Annotations + podAnnotations: {} + + # Horizontal Pod Autoscaling configuration + autoscaling: + # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster + enabled: false + + # -- The minimum CP pods to allow + minReplicas: 2 + # -- The max CP pods to scale to + maxReplicas: 5 + + # -- For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used + targetCPUUtilizationPercentage: 80 + # -- For clusters that do support autoscaling/v2beta, use metrics + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + + # -- Node selector for the Kuma Control Plane pods + nodeSelector: + kubernetes.io/os: linux + + # -- Tolerations for the Kuma Control Plane pods + tolerations: [] + + podDisruptionBudget: + # -- Whether to create a pod disruption budget + enabled: false + # -- The maximum number of unavailable pods allowed by the budget + maxUnavailable: 1 + + # -- Affinity placement rule for the Kuma Control Plane pods. + # This is rendered as a template, so you can reference other helm variables or includes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + # These match the selector labels used on the deployment. + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - '{{ include "kuma.name" . }}' + - key: app.kubernetes.io/instance + operator: In + values: + - '{{ .Release.Name }}' + - key: app + operator: In + values: + - '{{ include "kuma.name" . }}-control-plane' + topologyKey: kubernetes.io/hostname + + # -- Topology spread constraints rule for the Kuma Control Plane pods. + # This is rendered as a template, so you can use variables to generate match labels. 
+ topologySpreadConstraints: + + # -- Failure policy of the mutating webhook implemented by the Kuma Injector component + injectorFailurePolicy: Fail + + service: + # -- Whether to create a service resource. + enabled: true + + # -- (string) Optionally override of the Kuma Control Plane Service's name + name: + + # -- Service type of the Kuma Control Plane + type: ClusterIP + + # -- Additional annotations to put on the Kuma Control Plane + annotations: { } + + # Kuma API and GUI ingress settings. Useful if you want to expose the + # API and GUI of Kuma outside the k8s cluster. + ingress: + # -- Install K8s Ingress resource that exposes GUI and API + enabled: false + # -- IngressClass defines which controller will implement the resource + ingressClassName: + # -- Ingress hostname + hostname: + # -- Map of ingress annotations. + annotations: {} + # -- Ingress path. + path: / + # -- Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) + pathType: ImplementationSpecific + + globalZoneSyncService: + # -- Whether to create a k8s service for the global zone sync + # service. It will only be created when enabled and deploying the global + # control plane. + enabled: true + # -- Service type of the Global-zone sync + type: LoadBalancer + # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer + loadBalancerIP: + # -- Additional annotations to put on the Global Zone Sync Service + annotations: { } + # -- Port on which Global Zone Sync Service is exposed + port: 5685 + + defaults: + # -- Whether to skip creating the default Mesh + skipMeshCreation: false + + # -- Whether to automountServiceAccountToken for cp. 
Optionally set to false + automountServiceAccountToken: true + + # -- Optionally override the resource spec + resources: + requests: + cpu: 500m + memory: 256Mi + limits: + memory: 256Mi + + # -- Pod lifecycle settings (useful for adding a preStop hook, when + # using AWS ALB or NLB) + lifecycle: {} + + # -- Number of seconds to wait before force killing the pod. Make sure to + # update this if you add a preStop hook. + terminationGracePeriodSeconds: 30 + + # TLS for various servers + tls: + general: + # -- Secret that contains tls.crt, tls.key [and ca.crt when no + # controlPlane.tls.general.caSecretName specified] for protecting + # Kuma in-cluster communication + secretName: "" + # -- Secret that contains ca.crt that was used to sign cert for protecting + # Kuma in-cluster communication (ca.crt present in this secret + # have precedence over the one provided in the controlPlane.tls.general.secretName) + caSecretName: "" + # -- Base64 encoded CA certificate (the same as in controlPlane.tls.general.secret#ca.crt) + caBundle: "" + apiServer: + # -- Secret that contains tls.crt, tls.key for protecting Kuma API on HTTPS + secretName: "" + # -- Secret that contains list of .pem certificates that can access admin endpoints of Kuma API on HTTPS + clientCertsSecretName: "" + # - if not creating the global control plane, then do nothing + # - if secretName is empty and create is false, then do nothing + # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName + # - if secretName is empty and create is true, then create a secret with a default name and use it + # - if secretName is non-empty and create is true, then create the secret using the provided name + kdsGlobalServer: + # -- Name of the K8s TLS Secret resource. If you set this and don't set + # create=true, you have to create the secret manually. + secretName: "" + # -- Whether to create the TLS secret in helm. 
+ create: false + # -- The TLS certificate to offer. + cert: "" + # -- The TLS key to use. + key: "" + # - if not creating the zonal control plane, then do nothing + # - if secretName is empty and create is false, then do nothing + # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName + # - if secretName is empty and create is true, then create a secret with a default name and use it + # - if secretName is non-empty and create is true, then create the secret using the provided name + kdsZoneClient: + # -- Name of the K8s Secret resource that contains ca.crt which was + # used to sign the certificate of KDS Global Server. If you set this + # and don't set create=true, you have to create the secret manually. + secretName: "" + # -- Whether to create the TLS secret in helm. + create: false + # -- CA bundle that was used to sign the certificate of KDS Global Server. + cert: "" + + image: + # -- Kuma CP ImagePullPolicy + pullPolicy: IfNotPresent + # -- Kuma CP image repository + repository: "kuma-cp" + # -- Kuma CP Image tag. 
When not specified, the value is copied from global.tag + tag: + + # -- (object with { Env: string, Secret: string, Key: string }) Secrets to add as environment variables, + # where `Env` is the name of the env variable, + # `Secret` is the name of the Secret, + # and `Key` is the key of the Secret value to use + secrets: + # someSecret: + # Secret: some-secret + # Key: secret_key + # Env: SOME_SECRET + + # -- Additional environment variables that will be passed to the control plane + envVars: { } + + # -- Additional config maps to mount into the control plane, with optional inline values + extraConfigMaps: [ ] +# - name: extra-config +# mountPath: /etc/extra-config +# readOnly: true +# values: +# extra-config-key: | +# extra-config-value + + # -- (object with { name: string, mountPath: string, readOnly: string }) Additional secrets to mount into the control plane, + # where `Env` is the name of the env variable, + # `Secret` is the name of the Secret, + # and `Key` is the key of the Secret value to use + extraSecrets: + # extraConfig: + # name: extra-config + # mountPath: /etc/extra-config + # readOnly: true + + webhooks: + validator: + # -- Additional rules to apply on Kuma validator webhook. Useful when building custom policy on top of Kuma. + additionalRules: "" + ownerReference: + # -- Additional rules to apply on Kuma owner reference webhook. Useful when building custom policy on top of Kuma. + additionalRules: "" + + # -- Specifies if the deployment should be started in hostNetwork mode. + hostNetwork: false + # -- Define a new server port for the admission controller. Recommended to set in combination with + # hostNetwork to prevent multiple port bindings on the same port (like Calico in AWS EKS). + admissionServerPort: 5443 + + # -- Security context at the pod level for control plane. + podSecurityContext: + runAsNonRoot: true + + # -- Security context at the container level for control plane. 
+ containerSecurityContext: + readOnlyRootFilesystem: true + +cni: + # -- Install Kuma with CNI instead of proxy init container + enabled: false + # -- Install CNI in chained mode + chained: false + # -- Set the CNI install directory + netDir: /etc/cni/multus/net.d + # -- Set the CNI bin directory + binDir: /var/lib/cni/bin + # -- Set the CNI configuration name + confName: kuma-cni.conf + # -- CNI log level: one of off,info,debug + logLevel: info + # -- Node Selector for the CNI pods + nodeSelector: + kubernetes.io/os: linux + # -- Tolerations for the CNI pods + tolerations: [] + # -- Additional pod annotations + podAnnotations: { } + + image: + # -- CNI image repository + repository: "kuma-cni" + # -- CNI image tag - defaults to .Chart.AppVersion + tag: + # -- CNI image pull policy + imagePullPolicy: IfNotPresent + + # -- it's only useful in tests to trigger a possible race condition + delayStartupSeconds: 0 + + # -- use new CNI (experimental) + experimental: + imageEbpf: + # -- CNI experimental eBPF image registry + registry: "docker.io/kumahq" + # -- CNI experimental eBPF image repository + repository: "merbridge" + # -- CNI experimental eBPF image tag + tag: "0.8.5" + + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + memory: 100Mi + + # -- Security context at the pod level for cni + podSecurityContext: {} +# # The values below are examples. More values can be added as needed, since the field resolves as free form. +# runAsNonRoot: true +# runAsUser: 1000 +# runAsGroup: 3000 +# fsGroup: 2000 +# fsGroupChangePolicy: +# # to support additional pod level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core + + # -- Security context at the container level for cni + containerSecurityContext: {} # for overlapping securityContext between pod and container, the container's value take precedence +# # The values below are examples. 
More values can be added as needed, since the field resolves as free form. +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - all +# readOnlyRootFilesystem: true +# privileged: false +# runAsNonRoot: true +# runAsUser: 1000 +# runAsGroup: 3000 +# # to support additional container level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core + +dataPlane: + image: + # -- The Kuma DP image repository + repository: "kuma-dp" + # -- Kuma DP ImagePullPolicy + pullPolicy: IfNotPresent + # -- Kuma DP Image Tag. When not specified, the value is copied from global.tag + tag: + + initImage: + # -- The Kuma DP init image repository + repository: "kuma-init" + # -- Kuma DP init image tag When not specified, the value is copied from global.tag + tag: + +ingress: + # -- If true, it deploys Ingress for cross cluster communication + enabled: false + + # -- Labels to add to resources, in addition to default labels + extraLabels: {} + + # -- Time for which old listener will still be active as draining + drainTime: 30s + + # -- Number of replicas of the Ingress. Ignored when autoscaling is enabled. + replicas: 1 + + # -- Define the resources to allocate to mesh ingress + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 1000m + memory: 512Mi + + # -- Pod lifecycle settings (useful for adding a preStop hook, when + # using AWS ALB or NLB) + lifecycle: {} + + # -- Number of seconds to wait before force killing the pod. Make sure to + # update this if you add a preStop hook. 
+ terminationGracePeriodSeconds: 40 + + # Horizontal Pod Autoscaling configuration + autoscaling: + # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster + enabled: false + + # -- The minimum CP pods to allow + minReplicas: 2 + # -- The max CP pods to scale to + maxReplicas: 5 + + # -- For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used + targetCPUUtilizationPercentage: 80 + # -- For clusters that do support autoscaling/v2beta, use metrics + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + + service: + # -- Whether to create a Service resource. + enabled: true + # -- Service type of the Ingress + type: LoadBalancer + # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer + loadBalancerIP: + # -- Additional annotations to put on the Ingress service + annotations: { } + # -- Port on which Ingress is exposed + port: 10001 + # -- Port on which service is exposed on Node for service of type NodePort + nodePort: + # -- Additional pod annotations (deprecated favor `podAnnotations`) + annotations: { } + # -- Additional pod annotations + podAnnotations: { } + # -- Node Selector for the Ingress pods + nodeSelector: + kubernetes.io/os: linux + # -- Tolerations for the Ingress pods + tolerations: [] + podDisruptionBudget: + # -- Whether to create a pod disruption budget + enabled: false + # -- The maximum number of unavailable pods allowed by the budget + maxUnavailable: 1 + + # -- Affinity placement rule for the Kuma Ingress pods + # This is rendered as a template, so you can reference other helm variables + # or includes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + # These match the selector labels used on the deployment. 
+ matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - '{{ include "kuma.name" . }}' + - key: app.kubernetes.io/instance + operator: In + values: + - '{{ .Release.Name }}' + - key: app + operator: In + values: + - kuma-ingress + topologyKey: kubernetes.io/hostname + + # -- Topology spread constraints rule for the Kuma Mesh Ingress pods. + # This is rendered as a template, so you can use variables to generate match labels. + topologySpreadConstraints: + + # -- Security context at the pod level for ingress + podSecurityContext: + runAsNonRoot: true + runAsUser: 5678 + runAsGroup: 5678 + + # -- Security context at the container level for ingress + containerSecurityContext: + readOnlyRootFilesystem: true + +egress: + # -- If true, it deploys Egress for cross cluster communication + enabled: false + # -- Labels to add to resources, in addition to the default labels. + extraLabels: {} + # -- Time for which old listener will still be active as draining + drainTime: 30s + # -- Number of replicas of the Egress. Ignored when autoscaling is enabled. 
+ replicas: 1 + + # Horizontal Pod Autoscaling configuration + autoscaling: + # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster + enabled: false + + # -- The minimum CP pods to allow + minReplicas: 2 + # -- The max CP pods to scale to + maxReplicas: 5 + + # -- For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used + targetCPUUtilizationPercentage: 80 + # -- For clusters that do support autoscaling/v2beta, use metrics + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 1000m + memory: 512Mi + + service: + # -- Whether to create the service object + enabled: true + # -- Service type of the Egress + type: ClusterIP + # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer + loadBalancerIP: + # -- Additional annotations to put on the Egress service + annotations: { } + # -- Port on which Egress is exposed + port: 10002 + # -- Port on which service is exposed on Node for service of type NodePort + nodePort: + # -- Additional pod annotations (deprecated favor `podAnnotations`) + annotations: { } + # -- Additional pod annotations + podAnnotations: { } + # -- Node Selector for the Egress pods + nodeSelector: + kubernetes.io/os: linux + # -- Tolerations for the Egress pods + tolerations: [] + podDisruptionBudget: + # -- Whether to create a pod disruption budget + enabled: false + # -- The maximum number of unavailable pods allowed by the budget + maxUnavailable: 1 + + # -- Affinity placement rule for the Kuma Egress pods. + # This is rendered as a template, so you can reference other helm variables or includes. 
+ affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + # These match the selector labels used on the deployment. + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - '{{ include "kuma.name" . }}' + - key: app.kubernetes.io/instance + operator: In + values: + - '{{ .Release.Name }}' + - key: app + operator: In + values: + - kuma-egress + topologyKey: kubernetes.io/hostname + + # -- Topology spread constraints rule for the Kuma Egress pods. + # This is rendered as a template, so you can use variables to generate match labels. + topologySpreadConstraints: + + # -- Security context at the pod level for egress + podSecurityContext: + runAsNonRoot: true + runAsUser: 5678 + runAsGroup: 5678 + + # -- Security context at the container level for egress + containerSecurityContext: + readOnlyRootFilesystem: true + +kumactl: + image: + # -- The kumactl image repository + repository: kumactl + # -- The kumactl image tag. When not specified, the value is copied from global.tag + tag: + +kubectl: + # kuma image that support v1.20.15 image */ } } + # see: https://hub.docker.com/r/kumahq/kubectl */ } } + image: + # -- The kubectl image registry + registry: kumahq + # -- The kubectl image repository + repository: kubectl + # -- The kubectl image tag + tag: "v1.20.15" +hooks: + # -- Node selector for the HELM hooks + nodeSelector: + kubernetes.io/os: linux + # -- Tolerations for the HELM hooks + tolerations: [] + # -- Security context at the pod level for crd/webhook/ns + podSecurityContext: + runAsNonRoot: true + + # -- Security context at the container level for crd/webhook/ns + containerSecurityContext: + readOnlyRootFilesystem: true + + # -- ebpf-cleanup hook needs write access to the root filesystem to clean ebpf programs + # Changing below values will potentially break ebpf cleanup completely, + # so be cautious when doing so. 
+ ebpfCleanup: + # -- Security context at the pod level for crd/webhook/cleanup-ebpf + podSecurityContext: + runAsNonRoot: false + # -- Security context at the container level for crd/webhook/cleanup-ebpf + containerSecurityContext: + readOnlyRootFilesystem: false + +experimental: + # -- If true, it installs experimental Gateway API support + gatewayAPI: false + # Configuration for the experimental ebpf mode for transparent proxy + ebpf: + # -- If true, ebpf will be used instead of using iptables to install/configure transparent proxy + enabled: false + # -- Name of the environmental variable which will contain the IP address of a pod + instanceIPEnvVarName: INSTANCE_IP + # -- Path where BPF file system should be mounted + bpffsPath: /sys/fs/bpf + # -- Host's cgroup2 path + cgroupPath: /sys/fs/cgroup + # -- Name of the network interface which TC programs should be attached to, we'll try to automatically determine it if empty + tcAttachIface: "" + # -- Path where compiled eBPF programs which will be installed can be found + programsSourcePath: /kuma/ebpf + +legacy: + # -- If true, use the legacy transparent proxy engine + transparentProxy: false + cni: + # -- If true, it installs legacy version of the CNI + enabled: false + image: + # -- CNI v1 image registry + registry: "docker.io/kumahq" + # -- CNI v1 image repository + repository: "install-cni" + # -- CNI v1 image tag + tag: "0.0.10" + +# Postgres' settings for universal control plane on k8s +postgres: + # -- Postgres port, password should be provided as a secret reference in "controlPlane.secrets" + # with the Env value "KUMA_STORE_POSTGRES_PASSWORD". + # Example: + # controlPlane: + # secrets: + # - Secret: postgres-postgresql + # Key: postgresql-password + # Env: KUMA_STORE_POSTGRES_PASSWORD + port: "5432" + # TLS settings + tls: + # -- Mode of TLS connection. 
Available values are: "disable", "verifyNone", "verifyCa", "verifyFull" + mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE + # -- Whether to disable SNI the postgres `sslsni` option. + disableSSLSNI: false # ENV: KUMA_STORE_POSTGRES_TLS_DISABLE_SSLSNI + # -- Secret name that contains the ca.crt + caSecretName: + # -- Secret name that contains the client tls.crt, tls.key + secretName: + +# @ignored for helm-docs +plugins: + policies: + meshaccesslogs: {} + meshcircuitbreakers: {} + meshfaultinjections: {} + meshhealthchecks: {} + meshhttproutes: {} + meshloadbalancingstrategies: {} + meshproxypatches: {} + meshratelimits: {} + meshretries: {} + meshtimeouts: {} + meshtraces: {} + meshtrafficpermissions: {} diff --git a/app/assets/2.2.x/raw/kuma-cp.yaml b/app/assets/2.2.x/raw/kuma-cp.yaml new file mode 100644 index 000000000..7200839db --- /dev/null +++ b/app/assets/2.2.x/raw/kuma-cp.yaml 
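Review bot: `postgres.tls.mode` near the end of this values file defaults to `disable`, and its comment lists the four modes without saying what each one protects, so a universal control plane on k8s that follows the `KUMA_STORE_POSTGRES_PASSWORD` example just above it connects to the store without TLS unless the operator overrides the value. I would extend the comment to `# -- Mode of TLS connection. "disable" leaves store traffic unencrypted and "verifyNone" encrypts without authenticating the server; use "verifyCa" or "verifyFull" together with caSecretName outside local testing`. The kuma-cp.yaml hunk that follows carries the same `mode: disable` default next to `password: kuma` and would benefit from the same wording; that hunk continues outside this view. Because this file is synced from the chart source, the change belongs in the upstream values.yaml so the next sync does not revert it.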
@@ -0,0 +1,667 @@
+# Environment type. Available values are: "kubernetes" or "universal"
+environment: universal # ENV: KUMA_ENVIRONMENT
+# Mode in which Kuma CP is running. Available values are: "standalone", "global", "zone"
+mode: standalone # ENV: KUMA_MODE
+
+# Resource Store configuration
+store:
+ # Type of Store used in the Control Plane. Available values are: "kubernetes", "postgres" or "memory"
+ type: memory # ENV: KUMA_STORE_TYPE
+
+ # Kubernetes Store configuration (used when store.type=kubernetes)
+ kubernetes:
+ # Namespace where Control Plane is installed to.
+ systemNamespace: kuma-system # ENV: KUMA_STORE_KUBERNETES_SYSTEM_NAMESPACE
+
+ # Postgres Store configuration (used when store.type=postgres)
+ postgres:
+ # Host of the Postgres DB
+ host: 127.0.0.1 # ENV: KUMA_STORE_POSTGRES_HOST
+ # Port of the Postgres DB
+ port: 15432 # ENV: KUMA_STORE_POSTGRES_PORT
+ # User of the Postgres DB
+ user: kuma # ENV: KUMA_STORE_POSTGRES_USER
+ # Password of the Postgres DB
+ password: kuma # ENV: KUMA_STORE_POSTGRES_PASSWORD
+ # Database name of the Postgres DB
+ dbName: kuma # ENV: KUMA_STORE_POSTGRES_DB_NAME
+ # Driver to use, one of: pgx, postgres
+ driverName: pgx # ENV: KUMA_STORE_POSTGRES_DRIVER_NAME
+ # Connection Timeout to the DB in seconds
+ connectionTimeout: 5 # ENV: KUMA_STORE_POSTGRES_CONNECTION_TIMEOUT
+ # MaxConnectionLifetime (applied only when driverName=pgx) is the duration since creation after which a connection will be automatically closed
+ maxConnectionLifetime: "1h" # ENV: KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME
+ # MaxConnectionLifetimeJitter (applied only when driverName=pgx) is the duration after maxConnectionLifetime to randomly decide to close a connection.
+ # This helps prevent all connections from being closed at the exact same time, starving the pool.
+ maxConnectionLifetimeJitter: "1m" # ENV: KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME_JITTER
+ # HealthCheckInterval (applied only when driverName=pgx) is the duration between checks of the health of idle connections.
+ healthCheckInterval: "30s" # ENV: KUMA_STORE_POSTGRES_HEALTH_CHECK_INTERVAL
+ # MinOpenConnections (applied only when driverName=pgx) is the minimum number of open connections to the database
+ minOpenConnections: 0 # ENV: KUMA_STORE_POSTGRES_MIN_OPEN_CONNECTIONS
+ # MaxOpenConnections is the maximum number of open connections to the database
+ # `0` value means number of open connections is unlimited
+ maxOpenConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_OPEN_CONNECTIONS
+ # MaxIdleConnections (applied only when driverName=postgres) is the maximum number of connections in the idle connection pool
+ # <0 value means no idle connections and 0 means default max idle connections
+ maxIdleConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_IDLE_CONNECTIONS
+ # TLS settings
+ tls:
+ # Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull"
+ mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE
+ # Path to TLS Certificate of the client. Required when server has METHOD=cert
+ certPath: # ENV: KUMA_STORE_POSTGRES_TLS_CERT_PATH
+ # Path to TLS Key of the client. Required when server has METHOD=cert
+ keyPath: # ENV: KUMA_STORE_POSTGRES_TLS_KEY_PATH
+ # Path to the root certificate. Used in verifyCa and verifyFull modes.
+ caPath: # ENV: KUMA_STORE_POSTGRES_TLS_ROOT_CERT_PATH
+ # MinReconnectInterval (applied only when driverName=postgres) controls the duration to wait before trying to
+ # re-establish the database connection after connection loss. After each
+ # consecutive failure this interval is doubled, until MaxReconnectInterval
+ # is reached. Successfully completing the connection establishment procedure
+ # resets the interval back to MinReconnectInterval.
+ minReconnectInterval: "10s" # ENV: KUMA_STORE_POSTGRES_MIN_RECONNECT_INTERVAL
+ # MaxReconnectInterval (applied only when driverName=postgres) controls the maximum possible duration to wait before trying
+ # to re-establish the database connection after connection loss.
+ maxReconnectInterval: "60s" # ENV: KUMA_STORE_POSTGRES_MAX_RECONNECT_INTERVAL
+
+ # Cache for read only operations. This cache is local to the instance of the control plane.
+ cache:
+ # If true then cache is enabled
+ enabled: true # ENV: KUMA_STORE_CACHE_ENABLED
+ # Expiration time for elements in cache.
+ expirationTime: 1s # ENV: KUMA_STORE_CACHE_EXPIRATION_TIME
+
+ # Upsert (get and update) configuration
+ upsert:
+ # Base time for exponential backoff on upsert operations when retry is enabled
+ conflictRetryBaseBackoff: 100ms # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_BASE_BACKOFF
+ # Max retries on upsert (get and update) operation when retry is enabled
+ conflictRetryMaxTimes: 5 # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_MAX_TIMES
+
+ # If true, skips validation of resource delete.
+ # For example you don't have to delete all Dataplane objects before you delete a Mesh
+ unsafeDelete: false # ENV: KUMA_STORE_UNSAFE_DELETE
+
+# Configuration of Bootstrap Server, which provides bootstrap config to Dataplanes
+bootstrapServer:
+ # Parameters of bootstrap configuration
+ params:
+ # Address of Envoy Admin
+ adminAddress: 127.0.0.1 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ADDRESS
+ # Port of Envoy Admin
+ adminPort: 9901 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT
+ # Path to access log file of Envoy Admin
+ adminAccessLogPath: /dev/null # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ACCESS_LOG_PATH
+ # Host of XDS Server. By default it is the same host as the one used by kuma-dp to connect to the control plane
+ xdsHost: "" # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_HOST
+ # Port of XDS Server. By default it is autoconfigured from KUMA_DP_SERVER_PORT
+ xdsPort: 0 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_PORT
+ # Connection timeout to the XDS Server
+ xdsConnectTimeout: 1s # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_CONNECT_TIMEOUT
+
+# Monitoring Assignment Discovery Service (MADS) server configuration
+monitoringAssignmentServer:
+ # Port of a gRPC server that serves Monitoring Assignment Discovery Service (MADS).
+ port: 5676 # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_PORT
+ # Which MADS API versions to serve
+ apiVersions: ["v1"] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_API_VERSIONS
+ # Interval for re-generating monitoring assignments for clients connected to the Control Plane.
+ assignmentRefreshInterval: 1s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_ASSIGNMENT_REFRESH_INTERVAL
+ # The default timeout for a single fetch-based discovery request, if not specified
+ defaultFetchTimeout: 30s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_DEFAULT_FETCH_TIMEOUT
+ # Path to TLS certificate file
+ tlsCertFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CERT_FILE
+ # Path to TLS key file
+ tlsKeyFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CIPHER_SUITES
+
+# Envoy XDS server configuration
+xdsServer:
+ # Interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ dataplaneConfigurationRefreshInterval: 1s # ENV: KUMA_XDS_SERVER_DATAPLANE_CONFIGURATION_REFRESH_INTERVAL
+ # Interval for flushing status of Dataplanes connected to the Control Plane
+ dataplaneStatusFlushInterval: 10s # ENV: KUMA_XDS_SERVER_DATAPLANE_STATUS_FLUSH_INTERVAL
+ # Backoff that is executed when Control Plane is sending the response that was previously rejected by Dataplane
+ nackBackoff: 5s # ENV: KUMA_XDS_SERVER_NACK_BACKOFF
+ # A delay between proxy terminating a connection and the CP trying to deregister the proxy.
+ # It is used only in universal mode when you use direct lifecycle.
+ # Setting this setting to 0s disables the delay.
+ # Disabling this may cause race conditions that one instance of CP removes proxy object
+ # while proxy is connected to another instance of the CP.
+ dataplaneDeregistrationDelay: 10s # ENV: KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY
+
+# API Server configuration
+apiServer:
+ # HTTP configuration of the API Server
+ http:
+ # If true then API Server will be served on HTTP
+ enabled: true # ENV: KUMA_API_SERVER_HTTP_ENABLED
+ # Network interface on which HTTP API Server will be exposed
+ interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTP_INTERFACE
+ # Port of the API Server
+ port: 5681 # ENV: KUMA_API_SERVER_HTTP_PORT
+ # HTTPS configuration of the API Server
+ https:
+ # If true then API Server will be served on HTTPS
+ enabled: true # ENV: KUMA_API_SERVER_HTTPS_ENABLED
+ # Network interface on which HTTPS API Server will be exposed
+ interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTPS_INTERFACE
+ # Port of the HTTPS API Server
+ port: 5682 # ENV: KUMA_API_SERVER_HTTPS_PORT
+ # Path to TLS certificate file. Autoconfigured from KUMA_GENERAL_TLS_CERT_FILE if empty
+ tlsCertFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_CERT_FILE
+ # Path to TLS key file. Autoconfigured from KUMA_GENERAL_TLS_KEY_FILE if empty
+ tlsKeyFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_KEY_FILE
+ # Path to the CA certificate which is used to sign client certificates. It is used only for verifying client certificates.
+ tlsCaFile: "" # ENV: KUMA_API_SERVER_HTTPS_CLIENT_CERTS_CA_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_API_SERVER_HTTPS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_API_SERVER_HTTPS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_API_SERVER_HTTPS_TLS_CIPHER_SUITES
+ # If true, then HTTPS connection will require client cert.
+ requireClientCert: false # ENV: KUMA_API_SERVER_HTTPS_REQUIRE_CLIENT_CERT
+ # Authentication configuration for administrative endpoints like Dataplane Token or managing Secrets
+ auth:
+ # Directory of authorized client certificates (only validate in HTTPS)
+ clientCertsDir: "" # ENV: KUMA_API_SERVER_AUTH_CLIENT_CERTS_DIR
+ # Api Server Authentication configuration
+ authn:
+ # Type of authentication mechanism (available values: "adminClientCerts", "tokens")
+ type: tokens # ENV: KUMA_API_SERVER_AUTHN_TYPE
+ # Localhost is authenticated as a user admin of group admin
+ localhostIsAdmin: true # ENV: KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN
+ # Configuration for tokens authentication
+ tokens:
+ # If true then User Token with name admin and group admin will be created and placed as admin-user-token Kuma secret
+ bootstrapAdminToken: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_BOOTSTRAP_ADMIN_TOKEN
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_ENABLE_ISSUER
+ # Token validator configuration
+ validator:
+ # If true then Kuma secrets with prefix "user-token-signing-key" are considered as signing keys.
+ useSecrets: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_VALIDATOR_USE_SECRETS
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # keyFile: /keys/public.pem
+ publicKeys: []
+
+ # If true, then API Server will operate in read only mode (serving GET requests)
+ readOnly: false # ENV: KUMA_API_SERVER_READ_ONLY
+ # Allowed domains for Cross-Origin Resource Sharing. The value can be either domain or regexp
+ corsAllowedDomains:
+ - ".*" # ENV: KUMA_API_SERVER_CORS_ALLOWED_DOMAINS
+ # Can be used if you use a reverse proxy
+ rootUrl: "" # ENV: KUMA_API_SERVER_ROOT_URL
+ # The path to serve the API from
+ basePath: "/" # ENV: KUMA_API_SERVER_BASE_PATH
+ # configuration specific to the GUI
+ gui:
+ # Whether to serve the gui (if mode=zone this has no effect)
+ enabled: true # ENV: KUMA_API_SERVER_GUI_ENABLED
+ # Can be used if you use a reverse proxy or want to serve the gui from a different path
+ rootUrl: "" # ENV: KUMA_API_SERVER_GUI_ROOT_URL
+ # The path to serve the GUI from
+ basePath: "/gui" # ENV: KUMA_API_SERVER_GUI_BASE_PATH
+
+# Environment-specific configuration
+runtime:
+ # Kubernetes-specific configuration
+ kubernetes:
+ # Service name of the Kuma Control Plane. It is used to point Kuma DP to proper URL.
+ controlPlaneServiceName: kuma-control-plane # ENV: KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME
+ # Name of Service Account that is used to run the Control Plane
+ serviceAccountName: "system:serviceaccount:kuma-system:kuma-control-plane" # ENV: KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME
+ # Taint controller that prevents applications from scheduling until CNI is ready.
+ nodeTaintController:
+ # If true enables the taint controller.
+ enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED
+ # Value of app label on CNI pod that indicates if node can be ready.
+ cniApp: "" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP
+ # Admission WebHook Server configuration
+ admissionServer:
+ # Address the Admission WebHook Server should be listening on
+ address: # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_ADDRESS
+ # Port the Admission WebHook Server should be listening on
+ port: 5443 # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_PORT
+ # Directory with a TLS cert and private key for the Admission WebHook Server.
+ # TLS certificate file must be named `tls.crt`.
+ # TLS key file must be named `tls.key`.
+ certDir: # ENV: kuma_runtime_kubernetes_admission_server_cert_dir
+ # Injector defines configuration of a Kuma Sidecar Injector.
+ injector:
+ # if true runs kuma-cp in CNI compatible mode
+ cniEnabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CNI_ENABLED
+ # list of exceptions for Kuma injection
+ exceptions:
+ # a map of labels for exception. If pod matches label with given value Kuma won't be injected. Specify '*' to match any value.
+ labels:
+ openshift.io/build.name: "*"
+ openshift.io/deployer-pod-for.name: "*"
+ # VirtualProbesEnabled enables automatic converting HttpGet probes to virtual. Virtual probe
+ # serves on sub-path of insecure port 'virtualProbesPort',
+ # i.e :8080/health/readiness -> :9000/8080/health/readiness where 9000 is virtualProbesPort
+ virtualProbesEnabled: true # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_ENABLED
+ # VirtualProbesPort is a port for exposing virtual probes which are not secured by mTLS
+ virtualProbesPort: 9000 # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_PORT
+ # CaCertFile is CA certificate which will be used to verify a connection to the control plane.
+ caCertFile: # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CA_CERT_FILE
+ # SidecarContainer defines configuration of the Kuma sidecar container.
+ sidecarContainer:
+ # Image name.
+ image: kuma/kuma-dp:latest # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_IMAGE
+ # Redirect port for inbound traffic.
+ redirectPortInbound: 15006 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND
+ # Redirect port for inbound traffic.
+ redirectPortInboundV6: 15010 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND_V6
+ # Redirect port for outbound traffic.
+ redirectPortOutbound: 15001 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_OUTBOUND
+ # User ID.
+ uid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_UID
+ # Group ID.
+ gid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_GUI
+ # Drain time for listeners.
+ drainTime: 30s # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_DRAIN_TIME
+ # Readiness probe.
+ readinessProbe:
+ # Number of seconds after the container has started before readiness probes are initiated.
+ initialDelaySeconds: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_INITIAL_DELAY_SECONDS
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 # ENV : KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_TIMEOUT_SECONDS
+ # Number of seconds after which the probe times out.
+ periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_PERIOD_SECONDS
+ # Minimum consecutive successes for the probe to be considered successful after having failed.
+ successThreshold: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_SUCCESS_THRESHOLD
+ # Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_FAILURE_THRESHOLD
+ # Liveness probe.
+ livenessProbe:
+ # Number of seconds after the container has started before liveness probes are initiated.
+ initialDelaySeconds: 60 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_INITIAL_DELAY_SECONDS
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_TIMEOUT_SECONDS
+ # How often (in seconds) to perform the probe.
+ periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_PERIOD_SECONDS
+ # Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_FAILURE_THRESHOLD
+ # Compute resource requirements.
+ resources:
+ # Minimum amount of compute resources required.
+ requests:
+ # CPU, in cores. (500m = .5 cores)
+ cpu: 50m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_CPU
+ # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
+ memory: 64Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_MEMORY
+ # Maximum amount of compute resources allowed.
+ limits:
+ # CPU, in cores. (500m = .5 cores)
+ cpu: 1000m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_CPU
+ # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
+ memory: 512Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_MEMORY
+ # Additional environment variables that can be placed on Kuma DP sidecar
+ envVars: {} # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ENV_VARS
+ # InitContainer defines configuration of the Kuma init container
+ initContainer:
+ # Image name.
+ image: kuma/kuma-init:latest # ENV: KUMA_INJECTOR_INIT_CONTAINER_IMAGE
+ # ContainerPatches is an optional list of ContainerPatch names which will be applied
+ # to init and sidecar containers if workload is not annotated with a patch list.
+ containerPatches: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CONTAINER_PATCHES
+ # Configuration for a traffic that is intercepted by sidecar
+ sidecarTraffic:
+ # List of inbound ports that will be excluded from interception.
+ # This setting is applied on every pod unless traffic.kuma.io/exclude-inbound-ports annotation is specified on Pod.
+ excludeInboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_INBOUND_PORTS
+ # List of outbound ports that will be excluded from interception.
+ # This setting is applied on every pod unless traffic.kuma.io/exclude-oubound-ports annotation is specified on Pod.
+ excludeOutboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_OUTBOUND_PORTS
+ builtinDNS:
+ # Use the built-in DNS
+ enabled: true # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_ENABLED
+ # Redirect port for DNS
+ port: 15053 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_PORT
+ transparentProxyV1: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_TRANSPARENT_PROXY_V1
+ # EBPF defines configuration for the ebpf, when transparent proxy is marked to be
+ # installed using ebpf instead of iptables
+ ebpf:
+ # Install transparent proxy using ebpf
+ enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_ENABLED
+ # Name of the environmental variable which will include IP address of the pod
+ instanceIPEnvVarName: INSTANCE_IP # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_INSTANCE_IP_ENV_VAR_NAME
+ # Path where BPF file system will be mounted for pinning ebpf programs and maps
+ bpffsPath: /sys/fs/bpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_BPFFS_PATH
+ # Path of mounted cgroup2
+ cgroupPath: /sys/fs/cgroup # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_CGROUP_PATH
+ # Name of the network interface which should be used to attach to it TC programs
+ # when not specified, we will try to automatically determine it
+ tcAttachIface: "" # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_TC_ATTACH_IFACE
+ # Path where compiled eBPF programs are placed
+ programsSourcePath: /kuma/ebpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_PROGRAMS_SOURCE_PATH
+ marshalingCacheExpirationTime: 5m # ENV: KUMA_RUNTIME_KUBERNETES_MARSHALING_CACHE_EXPIRATION_TIME
+ # Universal-specific configuration
+ universal:
+ # DataplaneCleanupAge defines how long Dataplane should be offline to be cleaned up by GC
+ dataplaneCleanupAge: 72h0m0s # ENV: KUMA_RUNTIME_UNIVERSAL_DATAPLANE_CLEANUP_AGE
+
+# Default Kuma entities configuration
+defaults:
+ # If true, it skips creating the default Mesh
+ skipMeshCreation: false # ENV: KUMA_DEFAULTS_SKIP_MESH_CREATION
+
+# Metrics configuration
+metrics:
+ dataplane:
+ # How many latest subscriptions will be stored in DataplaneInsight object, if equals 0 then unlimited
+ subscriptionLimit: 2 # ENV: KUMA_METRICS_DATAPLANE_SUBSCRIPTION_LIMIT
+ # How long data plane proxy can stay Online without active xDS connection
+ idleTimeout: 5m # ENV: KUMA_METRICS_DATAPLANE_IDLE_TIMEOUT
+ zone:
+ # How many latest subscriptions will be stored in ZoneInsights object, if equals 0 then unlimited
+ subscriptionLimit: 10 # ENV: KUMA_METRICS_ZONE_SUBSCRIPTION_LIMIT
+ # How long zone can stay Online without active KDS connection
+ idleTimeout: 5m # ENV: KUMA_METRICS_ZONE_IDLE_TIMEOUT
+ mesh:
+ # Min time that should pass between MeshInsight resync
+ minResyncTimeout: 1s # ENV: KUMA_METRICS_MESH_MIN_RESYNC_TIMEOUT
+ # Max time that MeshInsight could spend without resync
+ maxResyncTimeout: 20s # ENV: KUMA_METRICS_MESH_MAX_RESYNC_TIMEOUT
+
+# Reports configuration
+reports:
+ # If true then usage stats will be reported
+ enabled: false # ENV: KUMA_REPORTS_ENABLED
+
+# General configuration
+general:
+ # dnsCacheTTL represents duration for how long Kuma CP will cache result of resolving dataplane's domain name
+ dnsCacheTTL: 10s # ENV: KUMA_GENERAL_DNS_CACHE_TTL
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert that will be used across all the Kuma Servers.
+ tlsCertFile: # ENV: KUMA_GENERAL_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key that will be used across all the Kuma Servers.
+ tlsKeyFile: # ENV: KUMA_GENERAL_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_GENERAL_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_GENERAL_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_GENERAL_TLS_CIPHER_SUITES
+ # WorkDir defines a path to the working directory
+ # Kuma stores in this directory autogenerated entities like certificates.
+ # If empty then the working directory is $HOME/.kuma
+ workDir: "" # ENV: KUMA_GENERAL_WORK_DIR
+
+# DNS Server configuration
+dnsServer:
+ # The domain that the server will resolve the services for
+ domain: "mesh" # ENV: KUMA_DNS_SERVER_DOMAIN
+ # The CIDR range used to allocate
+ CIDR: "240.0.0.0/4" # ENV: KUMA_DNS_SERVER_CIDR
+ # Will create a service ".mesh" dns entry for every service.
+ serviceVipEnabled: true # ENV: KUMA_DNS_SERVER_SERVICE_VIP_ENABLED
+ # The port to use along with the `.mesh` dns entry
+ serviceVipPort: 80 # ENV: KUMA_DNS_SERVICE_SERVICE_VIP_PORT
+
+# Multizone mode
+multizone:
+ global:
+ kds:
+ # Port of a gRPC server that serves Kuma Discovery Service (KDS).
+ grpcPort: 5685 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_GRPC_PORT
+ # Interval for refreshing state of the world
+ refreshInterval: 1s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_REFRESH_INTERVAL
+ # Interval for flushing Zone Insights (stats of multi-zone communication)
+ zoneInsightFlushInterval: 10s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_ZONE_INSIGHT_FLUSH_INTERVAL
+ # TlsEnabled turns on TLS for KDS
+ tlsEnabled: true # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_ENABLED
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert.
+ tlsCertFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key.
+ tlsKeyFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CIPHER_SUITES
+ # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS.
+ # In practice this means a limit on full list of one resource type.
+ maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MAX_MSG_SIZE
+ # MsgSendTimeout defines a timeout on sending a single KDS message.
+ # KDS stream between control planes is terminated if the control plane hits this timeout.
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MSG_SEND_TIMEOUT
+ # Backoff that is executed when the global control plane is sending the response that was previously rejected by zone control plane
+ nackBackoff: 5s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_NACK_BACKOFF
+ zone:
+ # Kuma Zone name used to mark the zone dataplane resources
+ name: "" # ENV: KUMA_MULTIZONE_ZONE_NAME
+ # GlobalAddress URL of Global Kuma CP
+ globalAddress: # ENV KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS
+ kds:
+ # Interval for refreshing state of the world
+ refreshInterval: 1s # ENV: KUMA_MULTIZONE_ZONE_KDS_REFRESH_INTERVAL
+ # RootCAFile defines a path to a file with PEM-encoded Root CA. Client will verify server by using it.
+ rootCaFile: # ENV: KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE
+ # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS.
+ # In practice this means a limit on full list of one resource type.
+ maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_ZONE_KDS_MAX_MSG_SIZE
+ # MsgSendTimeout defines a timeout on sending a single KDS message.
+ # KDS stream between control planes is terminated if the control plane hits this timeout.
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_ZONE_KDS_MSG_SEND_TIMEOUT
+ # Backoff that is executed when the zone control plane is sending the response that was previously rejected by global control plane
+ nackBackoff: 5s # ENV: KUMA_MULTIZONE_ZONE_KDS_NACK_BACKOFF
+
+# Diagnostics configuration
+diagnostics:
+ # Port of Diagnostic Server for checking health and readiness of the Control Plane
+ serverPort: 5680 # ENV: KUMA_DIAGNOSTICS_SERVER_PORT
+ # If true, enables https://golang.org/pkg/net/http/pprof/ debug endpoints
+ debugEndpoints: false # ENV: KUMA_DIAGNOSTICS_DEBUG_ENDPOINTS
+ # Whether tls is enabled or not
+ tlsEnabled: false # ENV: KUMA_DIAGNOSTICS_TLS_ENABLED
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile
+ tlsCertFile: # ENV: KUMA_DIAGNOSTICS_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DIAGNOSTICS_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DIAGNOSTICS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DIAGNOSTICS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DIAGNOSTICS_TLS_CIPHER_SUITES
+
+# Dataplane Server configuration that servers API like Bootstrap/XDS for the Dataplane.
+dpServer:
+ # Port of the DP Server
+ port: 5678 # ENV: KUMA_DP_SERVER_PORT
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile
+ tlsCertFile: # ENV: KUMA_DP_SERVER_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DP_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DP_SERVER_TLS_CIPHER_SUITES
+ # ReadHeaderTimeout defines the amount of time DP server will be allowed
+ # to read request headers. The connection's read deadline is reset
+ # after reading the headers and the Handler can decide what is considered
+ # too slow for the body. If ReadHeaderTimeout is zero there is no timeout.
+ # The timeout is configurable as in rare cases, when Kuma CP was restarting,
+ # 1s which is explicitly set in other servers was insufficient and DPs
+ # were failing to reconnect (we observed this in Projected Service Account
+ # Tokens e2e tests, which started flaking a lot after introducing explicit
+ # 1s timeout)
+ readHeaderTimeout: 5s # ENV: KUMA_DP_SERVER_READ_HEADER_TIMEOUT
+ # Auth defines an authentication configuration for the DP Server
+ # DEPRECATED: use "authn" section.
+ auth:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: "" # ENV: KUMA_DP_SERVER_AUTH_TYPE
+ # Authn defines an authentication configuration for the DP Server
+ authn:
+ # Configuration for data plane proxy authentication.
+ dpProxy:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: ""
+ # Configuration of dpToken authentication method
+ dpToken:
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true
+ # DP Token validator configuration.
+ validator:
+ # If true then Kuma secrets with prefix "dataplane-token-signing-key-{mesh}" are considered as signing keys.
+ useSecrets: true
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # mesh: default
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # mesh: demo
+ # keyFile: /keys/public.pem
+ publicKeys: []
+ # Configuration for zone proxy authentication.
+ zoneProxy:
+ # Type of authentication. Available values: "serviceAccountToken", "zoneToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "zoneToken" on Universal.
+ type: ""
+ # Configuration for zoneToken authentication method.
+ zoneToken:
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true
+ # Zone Token validator configuration.
+ validator:
+ # If true then Kuma secrets with prefix "zone-token-signing-key" are considered as signing keys.
+ useSecrets: true
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # keyFile: /keys/public.pem
+ publicKeys: []
+ # If true then Envoy uses Google gRPC instead of Envoy gRPC which lets a proxy reload the auth data (service account token, dp token etc.) stored in the file without proxy restart.
+ enableReloadableTokens: false # ENV: KUMA_DP_SERVER_AUTHN_ENABLE_RELOADABLE_TOKENS
+ # Hds defines a Health Discovery Service configuration
+ hds:
+ # Enabled if true then Envoy will actively check application's ports, but only on Universal.
+ # On Kubernetes this feature disabled for now regardless the flag value
+ enabled: true # ENV: KUMA_DP_SERVER_HDS_ENABLED
+ # Interval for Envoy to send statuses for HealthChecks
+ interval: 5s # ENV: KUMA_DP_SERVER_HDS_INTERVAL
+ # RefreshInterval is an interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ refreshInterval: 10s # ENV: KUMA_DP_SERVER_HDS_REFRESH_INTERVAL
+ # Check defines a HealthCheck configuration
+ checkDefaults:
+ # Timeout is a time to wait for a health check response. If the timeout is reached the
+ # health check attempt will be considered a failure
+ timeout: 2s # ENV: KUMA_DP_SERVER_HDS_CHECK_TIMEOUT
+ # Interval between health checks
+ interval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_INTERVAL
+ # NoTrafficInterval is a special health check interval that is used when a cluster has
+ # never had traffic routed to it
+ noTrafficInterval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_NO_TRAFFIC_INTERVAL
+ # HealthyThreshold is a number of healthy health checks required before a host is marked healthy
+ healthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_HEALTHY_THRESHOLD
+ # UnhealthyThreshold is a number of unhealthy health checks required before a host is marked unhealthy
+ unhealthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_UNHEALTHY_THRESHOLD
+
+# Intercommunication CP configuration
+interCp:
+ # Catalog configuration. Catalog keeps a record of all live CP instances in the zone.
+ catalog:
+ # Indicates an address on which other control planes can communicate with this CP.
+ # If empty then it's autoconfigured by taking the first IP of the nonloopback network interface.
+ instanceAddress: "" # ENV: KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS
+ # Interval on which CP will send heartbeat to a leader.
+ heartbeatInterval: 5s # ENV: KUMA_INTER_CP_CATALOG_HEARTBEAT_INTERVAL
+ # Interval on which CP will write all instances to a catalog.
+ writerInterval: 15s # ENV: KUMA_INTER_CP_CATALOG_WRITER_INTERVAL + # Intercommunication CP server configuration + server: + # Port of the inter-cp server + port: 5683 # ENV: KUMA_INTER_CP_SERVER_PORT + # TlsMinVersion the minimum version of TLS + tlsMinVersion: "TLSv1_2" # ENV: KUMA_INTER_CP_SERVER_TLS_MIN_VERSION + # TlsMaxVersion the maximum version of TLS + tlsMaxVersion: # ENV: KUMA_INTER_CP_SERVER_TLS_MAX_VERSION + # TlsCipherSuites the list of cipher suites + tlsCipherSuites: [ ] # ENV: KUMA_INTER_CP_SERVER_TLS_CIPHER_SUITES + +# Access Control configuration +access: + # Type of access strategy (available values: "static") + type: static + # Configuration of static access strategy + static: + # AdminResources defines an access to admin resources (Secret/GlobalSecret) + adminResources: + # List of users that are allowed to access admin resources + users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_USERS + # List of groups that are allowed to access admin resources + groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_GROUPS + # GenerateDPToken defines an access to generating dataplane token + generateDpToken: + # List of users that are allowed to generate dataplane token + users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_USERS + # List of groups that are allowed to generate dataplane token + groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_GROUPS + # GenerateUserToken defines an access to generating user token + generateUserToken: + # List of users that are allowed to generate user token + users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_USERS + # List of groups that are allowed to generate user token + groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_GROUPS + # GenerateZoneToken defines an access to generating zone token + generateZoneToken: + # List of users that are allowed to generate zone token + users: 
["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_USERS + # List of groups that are allowed to generate zone token + groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_GROUPS + viewConfigDump: + # List of users that are allowed to get envoy config dump + users: [ ] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_USERS + # List of groups that are allowed to get envoy config dump + groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_GROUPS + viewStats: + # List of users that are allowed to get envoy stats + users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_USERS + # List of groups that are allowed to get envoy stats + groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_GROUPS + viewClusters: + # List of users that are allowed to get envoy clusters + users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS + # List of groups that are allowed to get envoy clusters + groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS + +# Configuration of experimental features of Kuma +experimental: + # If true, experimental Gateway API is enabled + gatewayAPI: false # ENV: KUMA_EXPERIMENTAL_GATEWAY_API + # If true, instead of embedding kubernetes outbounds into Dataplane object, they are persisted next to VIPs in ConfigMap + # This can improve performance, but it should be enabled only after all instances are migrated to version that supports this config + kubeOutboundsAsVIPs: true # ENV: KUMA_EXPERIMENTAL_KUBE_OUTBOUNDS_AS_VIPS + +proxy: + gateway: + # Sets the envoy runtime value to limit maximum number of incoming + # connections to a builtin gateway data plane proxy + globalDownstreamMaxConnections: 50000 # ENV: KUMA_PROXY_GATEWAY_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS 
diff --git a/app/assets/2.2.x/raw/protos/CertificateAuthorityBackend.json b/app/assets/2.2.x/raw/protos/CertificateAuthorityBackend.json
new file mode 100644
index 000000000..275569b17
--- /dev/null
+++ b/app/assets/2.2.x/raw/protos/CertificateAuthorityBackend.json
@@ -0,0 +1,98 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CertificateAuthorityBackend", + "definitions": { + "CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time 
after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/CircuitBreaker.json b/app/assets/2.2.x/raw/protos/CircuitBreaker.json new file mode 100644 index 000000000..f5d016d2a --- /dev/null +++ b/app/assets/2.2.x/raw/protos/CircuitBreaker.json 
@@ -0,0 +1,198 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CircuitBreaker", + "definitions": { + "CircuitBreaker": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Circuit Breaker", + "description": "CircuitBreaker defines circuit breaking policy for dataplane's outbound" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Time interval between ejection analysis sweeps", + "format": "regex" + }, + "baseEjectionTime": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The base time that a host is ejected for. 
The real time is equal to the base time multiplied by the number of times the host has been ejected", + "format": "regex" + }, + "maxEjectionPercent": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum percent of an upstream cluster that can be ejected due to outlier detection, has to be in [0 - 100] range" + }, + "splitExternalAndLocalErrors": { + "type": "boolean", + "description": "Enables Split Mode in which local and external errors are distinguished" + }, + "detectors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors", + "additionalProperties": true + }, + "thresholds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors": { + "properties": { + "totalErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Errors with status code 5xx and locally originated errors, in Split Mode - just errors with status code 5xx" + }, + "gatewayErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Subset of 'total' related to gateway errors (502, 503 or 504 status code)" + }, + "localErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Takes into account only in Split Mode, number of locally originated errors" + }, + "standardDeviation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation", + "additionalProperties": true + }, + "failure": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + 
"title": "Detectors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors": { + "properties": { + "consecutive": { + "additionalProperties": true, + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Errors", + "description": "Detector based on counting consecutive number of errors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Eject host if failure percentage of a given host is greater than or equal to this value, has to be in [0 - 100] range" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Failure", + "description": "Detection based on success rate, but threshold is set explicitly (unlike 'standardDeviation')" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "factor": { + "additionalProperties": true, + "type": "number", + "description": "Resulting threshold = mean - (stdev * factor)" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Standard Deviation", + "description": "Detection based on success rate, aggregated from every host in the cluser" + }, + 
"kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds": { + "properties": { + "maxConnections": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of connections that Envoy will make to the upstream cluster. If not specified, the default is 1024." + }, + "maxPendingRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of pending requests that Envoy will allow to the upstream cluster. If not specified, the default is 1024." + }, + "maxRetries": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel retries that Envoy will allow to the upstream cluster. If not specified, the default is 3." + }, + "maxRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel requests that Envoy will make to the upstream cluster. If not specified, the default is 1024." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Thresholds" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ClustersRequest.json b/app/assets/2.2.x/raw/protos/ClustersRequest.json new file mode 100644 index 000000000..7c9612d2c --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ClustersRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersRequest", + "definitions": { + "ClustersRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp clusters request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp clusters request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Request", + "description": "ClustersRequest is a request for kuma-dp clusters that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ClustersResponse.json b/app/assets/2.2.x/raw/protos/ClustersResponse.json new file mode 100644 index 000000000..2c6802f17 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ClustersResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersResponse", + "definitions": { + "ClustersResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp clusters request." + }, + "clusters": { + "type": "string", + "description": "The clusters content that is a successful result of kuma-dp clusters execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Response", + "description": "ClustersResponse is a response containing result of kuma-dp clusters execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/DatadogTracingBackendConfig.json b/app/assets/2.2.x/raw/protos/DatadogTracingBackendConfig.json new file mode 100644 index 000000000..e6f53ec54 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/DatadogTracingBackendConfig.json 
@@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DatadogTracingBackendConfig", + "definitions": { + "DatadogTracingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address of datadog collector." + }, + "port": { + "type": "integer", + "description": "Port of datadog collector" + }, + "splitService": { + "type": "boolean", + "description": "Determines if datadog service name should be split based on traffic direction and destination. For example, with `splitService: true` and a `backend` service that communicates with a couple of databases, you would get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` in Datadog. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Datadog Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Dataplane.json b/app/assets/2.2.x/raw/protos/Dataplane.json new file mode 100644 index 000000000..92d4b6327 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Dataplane.json 
@@ -0,0 +1,329 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Dataplane", + "definitions": { + "Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. 
`advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. 
The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." + }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." 
+ }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. 
Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "service": { + "type": "string", + "description": "DEPRECATED: use `networking.outbound[].tags['kuma.io/service']` Service name identified by the value of `kuma.io/service`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." 
+ }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." + }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/DataplaneInsight.json b/app/assets/2.2.x/raw/protos/DataplaneInsight.json new file mode 100644 index 000000000..1188b51e1 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/DataplaneInsight.json 
@@ -0,0 +1,232 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneInsight", + "definitions": { + "DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." + }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." 
+ }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. 
rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.2.x/raw/protos/DataplaneOverview.json b/app/assets/2.2.x/raw/protos/DataplaneOverview.json new file mode 100644 index 000000000..8dcecf46a --- /dev/null +++ b/app/assets/2.2.x/raw/protos/DataplaneOverview.json 
@@ -0,0 +1,571 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneOverview", + "definitions": { + "DataplaneOverview": { + "properties": { + "dataplane": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane", + "additionalProperties": true + }, + "dataplane_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Overview", + "description": "DataplaneOverview defines the projected state of a Dataplane." + }, + "kuma.mesh.v1alpha1.Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. `advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. 
It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." 
+ }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." 
+ }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "service": { + "type": "string", + "description": "DEPRECATED: use `networking.outbound[].tags['kuma.io/service']` Service name identified by the value of `kuma.io/service`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." + }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." + }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." 
+ }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { 
+ "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/DiscoveryServiceStats.json b/app/assets/2.2.x/raw/protos/DiscoveryServiceStats.json new file mode 100644 index 000000000..eadb3791c --- /dev/null +++ b/app/assets/2.2.x/raw/protos/DiscoveryServiceStats.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoveryServiceStats", + "definitions": { + "DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.2.x/raw/protos/DiscoverySubscription.json b/app/assets/2.2.x/raw/protos/DiscoverySubscription.json new file mode 100644 index 000000000..06db6c019 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/DiscoverySubscription.json 
@@ -0,0 +1,179 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscription", + "definitions": { + "DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." 
+ }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.2.x/raw/protos/DiscoverySubscriptionStatus.json b/app/assets/2.2.x/raw/protos/DiscoverySubscriptionStatus.json new file mode 100644 index 000000000..2ac471c4a --- /dev/null +++ b/app/assets/2.2.x/raw/protos/DiscoverySubscriptionStatus.json 
@@ -0,0 +1,64 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscriptionStatus", + "definitions": { + "DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/EnvoyAdmin.json b/app/assets/2.2.x/raw/protos/EnvoyAdmin.json new file mode 100644 index 000000000..e26fdf4be --- /dev/null +++ b/app/assets/2.2.x/raw/protos/EnvoyAdmin.json @@ -0,0 +1,17 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyAdmin", + "definitions": { + "EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/EnvoyVersion.json b/app/assets/2.2.x/raw/protos/EnvoyVersion.json new file mode 100644 index 000000000..c14f40762 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/EnvoyVersion.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyVersion", + "definitions": { + "EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ExternalService.json b/app/assets/2.2.x/raw/protos/ExternalService.json new file mode 100644 index 000000000..293d87f88 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ExternalService.json 
@@ -0,0 +1,107 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ExternalService", + "definitions": { + "ExternalService": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking", + "additionalProperties": true + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with the external service, e.g. kuma.io/service=web, kuma.io/protocol, version=1.0." + } + }, + "additionalProperties": true, + "type": "object", + "title": "External Service", + "description": "ExternalService defines configuration of the externally accessible service" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address of the external service" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking.TLS", + "additionalProperties": true + }, + "disableHostDNSEntry": { + "type": "boolean", + "description": "If disableHostDNSEntry is set to true then a DNS entry for the external service taken from 'networking.address' won't be generated. You can still reach this external service using external-service-name.mesh:80 where \"external-service-name\" is taken from \"kuma.io/service\" tag." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes the properties of the external service connectivity" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking.TLS": { + "properties": { + "enabled": { + "type": "boolean", + "description": "denotes that the external service uses TLS" + }, + "ca_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the certificate of CA" + }, + "client_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "client_key": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "allowRenegotiation": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then TLS session will allow renegotiation. It's not recommended to set this to true because of security reasons. However, some servers requires this setting, especially when using mTLS." + }, + "server_name": { + "additionalProperties": true, + "type": "string", + "description": "ServerName overrides the default Server Name Indicator set by Kuma. The default value is set to \"address\" specified in \"networking\"." + } + }, + "additionalProperties": true, + "type": "object", + "title": "TLS", + "description": "TLS" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." + }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." 
+ }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/FaultInjection.json b/app/assets/2.2.x/raw/protos/FaultInjection.json new file mode 100644 index 000000000..702233c5a --- /dev/null +++ b/app/assets/2.2.x/raw/protos/FaultInjection.json 
@@ -0,0 +1,126 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FaultInjection", + "definitions": { + "FaultInjection": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf", + "additionalProperties": true, + "description": "Configuration of FaultInjection" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Fault Injection", + "description": "FaultInjection defines the configuration of faults between dataplanes." + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf": { + "properties": { + "delay": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Delay", + "additionalProperties": true, + "description": "Delay if specified then response from the destination will be delivered with a delay" + }, + "abort": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Abort", + "additionalProperties": true, + "description": "Abort if specified makes source side to receive specified httpStatus code" + }, + "response_bandwidth": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth", + "additionalProperties": true, + "description": "ResponseBandwidth if specified limits the speed of sending response body" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines several types of faults, at least one fault should be specified" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Abort": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + 
"description": "Percentage of requests on which abort will be injected, has to be in [0.0 - 100.0] range" + }, + "httpStatus": { + "additionalProperties": true, + "type": "integer", + "description": "HTTP status code which will be returned to source side" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Abort", + "description": "Abort defines a configuration of not delivering requests to destination service and replacing the responses from destination dataplane by predefined status code" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Delay": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which delay will be injected, has to be in [0.0 - 100.0] range" + }, + "value": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The duration during which the response will be delayed", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Delay", + "description": "Delay defines configuration of delaying a response from a destination" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which response bandwidth limit will be injected, has to be in [0.0 - 100.0] range" + }, + "limit": { + "additionalProperties": true, + "type": "string", + "description": "Limit is represented by value measure in gbps, mbps, kbps or bps, e.g. 
10kbps" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Response Bandwidth", + "description": "ResponseBandwidth defines a configuration to limit the speed of responding to the requests" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/FileLoggingBackendConfig.json b/app/assets/2.2.x/raw/protos/FileLoggingBackendConfig.json new file mode 100644 index 000000000..7302651b2 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/FileLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FileLoggingBackendConfig", + "definitions": { + "FileLoggingBackendConfig": { + "properties": { + "path": { + "type": "string", + "description": "Path to a file that logs will be written to" + } + }, + "additionalProperties": true, + "type": "object", + "title": "File Logging Backend Config", + "description": "FileLoggingBackendConfig defines configuration for file based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/HealthCheck.json b/app/assets/2.2.x/raw/protos/HealthCheck.json new file mode 100644 index 000000000..495846305 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/HealthCheck.json 
@@ -0,0 +1,212 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/HealthCheck", + "definitions": { + "HealthCheck": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that should be configured to do health checks." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf", + "additionalProperties": true, + "description": "Configuration for various types of health checking." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health Check", + "description": "HealthCheck defines configuration for health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "initial_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, Envoy will start health checking after for a random time in ms between 0 and initial_jitter. 
This only applies to the first health check.", + "format": "regex" + }, + "interval_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, during every interval Envoy will add interval_jitter to the wait time.", + "format": "regex" + }, + "interval_jitter_percent": { + "type": "integer", + "description": "If specified, during every interval Envoy will add interval_ms * interval_jitter_percent / 100 to the wait time. If interval_jitter_ms and interval_jitter_percent are both set, both of them will be used to increase the wait time." + }, + "healthy_panic_threshold": { + "additionalProperties": true, + "type": "number", + "description": "Allows to configure panic threshold for Envoy cluster. If not specified, the default is 50%. To disable panic mode, set to 0%." + }, + "fail_traffic_on_panic": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, Envoy will not consider any hosts when the cluster is in 'panic mode'. Instead, the cluster will fail all requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a failing service." + }, + "event_log_path": { + "type": "string", + "description": "Specifies the path to the file where Envoy can log health check events. If empty, no event log will be written." + }, + "always_log_health_check_failures": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, health check failure events will always be logged. If set to false, only the initial health check failure event will be logged. The default value is false." + }, + "no_traffic_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The \"no traffic interval\" is a special health check interval that is used when a cluster has never had traffic routed to it. 
This lower interval allows cluster information to be kept up to date, without sending a potentially large amount of active health checking traffic for no reason. Once a cluster has been used for traffic routing, Envoy will shift back to using the standard health check interval that is defined. Note that this interval takes precedence over any other. The default value for \"no traffic interval\" is 60 seconds.", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http", + "additionalProperties": true + }, + "reuse_connection": { + "additionalProperties": true, + "type": "boolean", + "description": "Reuse health check connection between health checks. Default is true." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines configuration for various types of health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http": { + "properties": { + "path": { + "type": "string", + "description": "The HTTP path which will be requested during the health check (ie. /health) +required" + }, + "request_headers_to_add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption" + }, + "type": "array", + "description": "The list of HTTP headers which should be added to each health check request +optional" + }, + "expected_statuses": { + "items": { + "type": "integer", + "title": "U Int 32 Value", + "description": "Wrapper message for `uint32`. The JSON representation for `UInt32Value` is JSON number." 
+ }, + "type": "array", + "description": "List of HTTP response statuses which are considered healthy +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines optional Http configuration which will instruct the service the health check will be made for is an http service. It's mutually exclusive with the Tcp block so when provided you can't provide the Tcp configuration" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +required" + }, + "value": { + "type": "string", + "description": "Header value +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption": { + "properties": { + "header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue", + "additionalProperties": true, + "description": "Key/Value representation of the HTTP header +required" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "The bool value which if true (default) will mean the header values should be appended to already present ones +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value Option" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp": { + "properties": { + "send": { + "additionalProperties": true, + "type": "string", + "description": "Bytes which will be send during the health check to the target" + }, + "receive": { + "items": { + "type": "string", + "title": "Bytes Value", + "description": "Wrapper message for `bytes`. The JSON representation for `BytesValue` is JSON string." + }, + "type": "array", + "description": "Bytes blocks expected as a response. When checking the response, “fuzzy” matching is performed such that each block must be found, and in the order specified, but not necessarily contiguous." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines optional configuration for specifying bytes to send and expected response during the health check" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/HttpMethod.json b/app/assets/2.2.x/raw/protos/HttpMethod.json new file mode 100644 index 000000000..71495c878 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/HttpMethod.json @@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/KumaDpVersion.json b/app/assets/2.2.x/raw/protos/KumaDpVersion.json new file mode 100644 index 000000000..2d087b8c8 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/KumaDpVersion.json 
@@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaDpVersion", + "definitions": { + "KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/KumaResource.json b/app/assets/2.2.x/raw/protos/KumaResource.json new file mode 100644 index 000000000..a4781295d --- /dev/null +++ b/app/assets/2.2.x/raw/protos/KumaResource.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaResource", + "definitions": { + "KumaResource": { + "properties": { + "meta": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaResource.Meta", + "additionalProperties": true + }, + "spec": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." 
+ }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Resource" + }, + "kuma.mesh.v1alpha1.KumaResource.Meta": { + "properties": { + "name": { + "type": "string" + }, + "mesh": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Meta" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Logging.json b/app/assets/2.2.x/raw/protos/Logging.json new file mode 100644 index 000000000..e86a46b02 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Logging.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Logging", + "definitions": { + "Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/LoggingBackend.json b/app/assets/2.2.x/raw/protos/LoggingBackend.json new file mode 100644 index 000000000..d1770d208 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/LoggingBackend.json 
@@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/LoggingBackend", + "definitions": { + "LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Mesh.json b/app/assets/2.2.x/raw/protos/Mesh.json new file mode 100644 index 000000000..701dde85b --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Mesh.json 
@@ -0,0 +1,379 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Mesh", + "definitions": { + "Mesh": { + "properties": { + "mtls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Mtls", + "additionalProperties": true, + "description": "mTLS settings. +optional" + }, + "tracing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Tracing", + "additionalProperties": true, + "description": "Tracing settings. +optional" + }, + "logging": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Logging", + "additionalProperties": true, + "description": "Logging settings. +optional" + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Metrics", + "additionalProperties": true, + "description": "Configuration for metrics collected and exposed by dataplanes. Settings defined here become defaults for every dataplane in a given Mesh. Additionally, it is also possible to further customize this configuration for each dataplane individually using Dataplane resource. +optional" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking", + "additionalProperties": true, + "description": "Networking settings of the mesh" + }, + "routing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Routing", + "additionalProperties": true, + "description": "Routing settings of the mesh" + }, + "constraints": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Constraints", + "additionalProperties": true, + "description": "Constraints that applies to the mesh and its entities" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh", + "description": "Mesh defines configuration of a single mesh." + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. 
Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": 
"^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + }, + "kuma.mesh.v1alpha1.Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + }, + "kuma.mesh.v1alpha1.Mesh.Constraints": { + "properties": { + "dataplaneProxy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints", + "additionalProperties": true, + "description": "DataplaneProxyMembership defines a set of requirements for data plane proxies to be a member of the mesh." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Constraints", + "description": "Constraints to apply to the mesh and its entities" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints": { + "properties": { + "requirements": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Requirements defines a set of requirements that data plane proxies must fulfill in order to join the mesh. A data plane proxy must fulfill at least one requirement in order to join the mesh. Empty list of allowed requirements means that any proxy that is not explicitly denied can join." + }, + "restrictions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Restrictions defines a set of restrictions that data plane proxies cannot fulfill in order to join the mesh. A data plane proxy cannot fulfill any requirement in order to join the mesh. Restrictions takes precedence over requirements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Proxy Constraints" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags defines set of required tags. You can specify '*' in value to require non empty value of tag" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rules", + "description": "Rules defines a set of rules for data plane proxies to be member of the mesh." 
+ }, + "kuma.mesh.v1alpha1.Mesh.Mtls": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend" + }, + "type": "array", + "description": "List of available Certificate Authority backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mtls", + "description": "mTLS settings of a Mesh." + }, + "kuma.mesh.v1alpha1.Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + 
"passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + }, + "kuma.mesh.v1alpha1.Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + }, + "kuma.mesh.v1alpha1.Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). 
Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/MeshGateway.json b/app/assets/2.2.x/raw/protos/MeshGateway.json new file mode 100644 index 000000000..8e0575560 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/MeshGateway.json 
@@ -0,0 +1,198 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGateway", + "definitions": { + "MeshGateway": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is a list of selectors that are used to match builtin gateway dataplanes that will receive this MeshGateway configuration." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags is the set of tags common to all of the gateway's listeners. This field must not include a `kuma.io/service` tag (the service is always defined on the dataplanes)." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Conf", + "additionalProperties": true, + "description": "The desired configuration of the MeshGateway." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway", + "description": "MeshGateway is a virtual proxy. Each MeshGateway is bound to a set of builtin gateway dataplanes. Each builtin dataplane instance can host exactly one Gateway proxy configuration. Gateway aligns with the Kubernetes Gateway API. See that spec for detailed documentation." + }, + "kuma.mesh.v1alpha1.MeshGateway.Conf": { + "properties": { + "listeners": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener" + }, + "type": "array", + "description": "Listeners define logical endpoints that are bound on this MeshGateway's address(es)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the desired state of MeshGateway. Aligns with MeshGatewaySpec." + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener": { + "properties": { + "hostname": { + "type": "string", + "description": "Hostname specifies the virtual hostname to match for protocol types that define this concept. 
When unspecified, \"\", or `*`, all hostnames are matched. This field can be omitted for protocols that don't require hostname based matching." + }, + "port": { + "type": "integer", + "description": "Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules." + }, + "protocol": { + "enum": [ + "NONE", + 0, + "TCP", + 1, + "HTTP", + 4, + "HTTPS", + 5 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Conf", + "additionalProperties": true, + "description": "TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\" and ignored otherwise." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags specifies a unique combination of tags that routes can use to match themselves to this listener. When matching routes to listeners, the control plane constructs a set of matching tags for each listener by forming the union of the gateway tags and the listener tags. A route will be attached to the listener if all of the route's tags are preset in the matching tags" + }, + "crossMesh": { + "type": "boolean", + "description": "CrossMesh enables traffic to flow to this listener only from other meshes." + }, + "resources": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener.Resources", + "additionalProperties": true, + "description": "Resources is used to specify listener-specific resource settings." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener" + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener.Resources": { + "properties": { + "connection_limit": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Resources" + }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Conf": { + "properties": { + "mode": { + "enum": [ + "NONE", + 0, + "TERMINATE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "certificates": { + "items": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource" + }, + "type": "array", + "description": "Certificates is an array of datasources that contain TLS certificates and private keys. Each datasource must contain a sequence of PEM-encoded objects. The server certificate and private key are required, but additional certificates are allowed and will be added to the certificate chain. The server certificate must be the first certificate in the datasource. When multiple certificate datasources are configured, they must have different key types. In practice, this means that one datasource should contain an RSA key and certificate, and the other an ECDSA key and certificate." + }, + "options": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Options", + "additionalProperties": true, + "description": "Options should eventually configure how TLS is configured. This is where cipher suite and version configuration can be specified, client certificates enforced, and so on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Aligns with MeshGatewayTLSConfig." 
+ }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Options": { + "additionalProperties": true, + "type": "object", + "title": "Options", + "description": "TODO(jpeach)" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." + }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." + }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/MeshGatewayRoute.json b/app/assets/2.2.x/raw/protos/MeshGatewayRoute.json new file mode 100644 index 000000000..1ccb5b377 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/MeshGatewayRoute.json 
@@ -0,0 +1,442 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGatewayRoute", + "definitions": { + "MeshGatewayRoute": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is used to match this resource to MeshGateway listener." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Conf", + "additionalProperties": true, + "description": "Conf specifies the route configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway Route" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Backend": { + "properties": { + "weight": { + "type": "integer", + "description": "Weight is the proportion of requests this backend will receive when a forwarding rules specifies multiple backends. Traffic weight is computed as \"weight/sum(all weights)\". A weight of 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Destination is a selector to match the individual endpoints to which the gateway will forward." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Backend", + "description": "Backend selects a target for HTTP request forwarding." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Conf": { + "properties": { + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute", + "additionalProperties": true, + "title": "TlsRoute tls = 3;", + "description": "TlsRoute tls = 3;" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Hostnames lists the server names for which this route is valid. The hostnames are matched against the TLS Server Name Indication extension if this is a TLS session. They are also matched against the HTTP host (authority) header in the client's HTTP request." + }, + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule" + }, + "type": "array", + "description": "Rules specifies how the gateway should match and process HTTP requests." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Route", + "description": "HTTP routes are valid for listeners that accept HTTP/1.1 and HTTP/2 over both TCP and TLS." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter": { + "properties": { + "request_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + }, + "mirror": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror", + "additionalProperties": true + }, + "redirect": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect", + "additionalProperties": true + }, + "rewrite": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + }, + "response_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter": { + "properties": { + "set": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "remove": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror": { + "properties": { + "backend": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend", + "additionalProperties": true, + "description": "Backend denotes the service to which requests will be mirrored. 
The \"weight\" field must not be given." + }, + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage specifies the percentage of requests to mirror to the backend (in the range 0.0 - 100.0, inclusive)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mirror", + "description": "The mirror filter sends a percentage of HTTP requests to the given backend. The gateway ignores any responses to these requests." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect": { + "properties": { + "scheme": { + "type": "string", + "description": "The scheme for the redirect URL. Usually \"http\" or \"https\"." + }, + "hostname": { + "type": "string", + "description": "The hostname to redirect to." + }, + "port": { + "type": "integer", + "description": "The port to redirect to." + }, + "status_code": { + "type": "integer", + "description": "The HTTP response status code. This must be in the range 300 - 308." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Redirect", + "description": "The redirect filter responds to the HTTP request immediately, without forwarding it to any backend. The response is a HTTP redirect message." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite": { + "properties": { + "replace_full": { + "type": "string" + }, + "replace_prefix_match": { + "type": "string", + "description": "Note that rewriting \"/prefix\" to \"/\" will do the right thing: - the path \"/prefix\" is rewritten to \"/\" - the path \"/prefix/rest\" is rewritten to \"/rest\"" + }, + "host_to_backend_hostname": { + "type": "boolean", + "description": "Option to indicate that during forwarding, the host header should be swapped with the hostname of the upstream host chosen by the Envoy's cluster manager. 
BE AWARE: - it's mutually exclusive with request_header filter which explicitly replaces \"host\" header" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rewrite" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path", + "additionalProperties": true + }, + "method": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header" + }, + "type": "array" + }, + "query_parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match specifies the criteria for when a HTTP request matches a rule. The match is only considered successful if all of the specified conditions succeed (AND semantics). At least one match condition must be given." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1, + "ABSENT", + 2, + "PRESENT", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the HTTP header containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the HTTP header value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header", + "description": "Header matches a value in a HTTP request header. 
Not that if the header is defined to have multiple values, a REGEX match must be used to match a specific value." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "PREFIX", + 1, + "REGEX", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "value": { + "minLength": 1, + "type": "string", + "description": "Value is the path to match against. For EXACT and PREFIX match types, it must be a HTTP URI path. For the REGEX match type, it must be a RE2 regular expression. Note that a PREFIX match succeeds only if the prefix is the the entire path or is followed by a /. I.e. a prefix of the path in terms of path elements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path matches may be \"EXACT\", \"PREFIX\", or \"REGEX\" matches. If the match type is not specified, \"EXACT\" is the default." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the query parameter containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the query parameter value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Query", + "description": "Query matches against HTTP request query parameters." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule": { + "properties": { + "matches": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match" + }, + "type": "array", + "description": "Matches are checked in order. If any match is successful, the rule is selected (OR semantics)." 
+ }, + "filters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter" + }, + "type": "array", + "description": "Filters are request processing steps that are applied to matched requests. If the redirect filter is specified, it must be the only filter given." + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array", + "description": "Backends is the set of services to which the gateway will forward requests. If a redirect filter is specified, no backends are allowed. Otherwise, at least one backend must be given." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute": { + "properties": { + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Route", + "description": "TCP routes are valid for listeners that accept connections over TCP." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule": { + "properties": { + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule", + "description": "repeated Match matches = 1;" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/MeshInsight.json b/app/assets/2.2.x/raw/protos/MeshInsight.json new file mode 100644 index 000000000..36b0d45fc 
--- /dev/null +++ b/app/assets/2.2.x/raw/protos/MeshInsight.json 
@@ -0,0 +1,153 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshInsight", + "definitions": { + "MeshInsight": { + "properties": { + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "policies": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.PolicyStat", + "additionalProperties": true + }, + "type": "object" + }, + "dpVersions": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DpVersions", + "additionalProperties": true + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.MTLS", + "additionalProperties": true, + "description": "mTLS statistics" + }, + "services": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.ServiceStat", + "additionalProperties": true + }, + "dataplanesByType": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplanesByType", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Insight", + "description": "MeshInsight defines the observed state of a Mesh." 
+ }, + "kuma.mesh.v1alpha1.MeshInsight.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + }, + "partially_degraded": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat", + "description": "DataplaneStat defines statistic specifically for Dataplane" + }, + "kuma.mesh.v1alpha1.MeshInsight.DataplanesByType": { + "properties": { + "standard": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplanes By Type", + "description": "DataplanesByType defines statistics splitted by dataplane types" + }, + "kuma.mesh.v1alpha1.MeshInsight.DpVersions": { + "properties": { + "kumaDp": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by KumaDP version" + }, + "envoy": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by Envoy version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Versions", + "description": "DpVersions defines statistics grouped by dataplane versions" + }, + "kuma.mesh.v1alpha1.MeshInsight.MTLS": { + "properties": { + "issuedBackends": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by issued backends." 
+ }, + "supportedBackends": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by supported backends." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS" + }, + "kuma.mesh.v1alpha1.MeshInsight.PolicyStat": { + "properties": { + "total": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Policy Stat", + "description": "PolicyStat defines statistic for all policies in general" + }, + "kuma.mesh.v1alpha1.MeshInsight.ServiceStat": { + "properties": { + "total": { + "type": "integer" + }, + "internal": { + "type": "integer" + }, + "external": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Stat", + "description": "ServiceStat defines statistics of mesh services" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Message.json b/app/assets/2.2.x/raw/protos/Message.json new file mode 100644 index 000000000..f8fd4b1df --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Message.json 
@@ -0,0 +1,789 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Message", + "definitions": { + "Message": { + "properties": { + "legacy_request": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryRequest", + "additionalProperties": true + }, + "legacy_response": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryResponse", + "additionalProperties": true + }, + "request": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryRequest", + "additionalProperties": true + }, + "response": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryResponse", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Message" + }, + "envoy.api.v2.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.api.v2.core.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. 
The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_api_msg_DiscoveryResponse\u003e` failed to update configuration. The *message* field in *error_details* provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 7]" + }, + "envoy.api.v2.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." 
+ }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. 
Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. 
When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. - Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.api.v2.core.ControlPlane", + "additionalProperties": true, + "description": "[#not-implemented-hide:] The control plane instance that sent the response." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.api.v2.core.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.api.v2.core.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.api.v2.core.Pipe", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.api.v2.core.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.api.v2.core.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.api.v2.core.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. 
envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 6]" + }, + "envoy.api.v2.core.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_api_field_core.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_api_field_endpoint.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. 
`Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.api.v2.core.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_api_field_core.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_api_msg_config.bootstrap.v2.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." 
+ }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "locality": { + "$ref": "#/definitions/envoy.api.v2.core.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "build_version": { + "type": "string", + "description": "This is motivated by informing a management server during canary which version of Envoy is being tested in a heterogeneous fleet. This will be set by Envoy in management server RPCs. This field is deprecated in favor of the user_agent_name and user_agent_version values." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example `com.acme.feature`. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 12]" + }, + "envoy.api.v2.core.Pipe": { + "properties": { + "path": { + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.api.v2.core.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_api_msg_listener.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_api_msg_core.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_api_msg_Cluster\u003e`, the cluster type determines whether the address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.config.core.v3.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.config.core.v3.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.config.core.v3.Pipe", + "additionalProperties": true + }, + "envoy_internal_address": { + "$ref": "#/definitions/envoy.config.core.v3.EnvoyInternalAddress", + "additionalProperties": true, + "description": "Specifies a user-space address handled by :ref:`internal listeners \u003cenvoy_v3_api_field_config.listener.v3.Listener.internal_listener\u003e`." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.config.core.v3.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.v3.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.config.core.v3.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.config.core.v3.EnvoyInternalAddress": { + "properties": { + "server_listener_name": { + "type": "string", + "description": "Specifies the :ref:`name \u003cenvoy_v3_api_field_config.listener.v3.Listener.name\u003e` of the internal listener." + }, + "endpoint_id": { + "type": "string", + "description": "Specifies an endpoint identifier to distinguish between multiple endpoints for the same internal listener in a single upstream pool. Only used in the upstream addresses for tracking changes to individual endpoints. This, for example, may be set to the final destination IP for the target internal listener." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Internal Address", + "description": "The address represents an envoy internal listener. [#comment: TODO(asraa): When address available, remove workaround from test/server/server_fuzz_test.cc:30.]" + }, + "envoy.config.core.v3.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] 
[#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + }, + "type_urls": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Type URLs of extension configuration protos." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 7]" + }, + "envoy.config.core.v3.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_v3_api_field_config.core.v3.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. `Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.config.core.v3.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_v3_api_msg_config.bootstrap.v3.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "dynamic_parameters": { + "additionalProperties": { + "$ref": "#/definitions/xds.core.v3.ContextParams", + "additionalProperties": true + }, + "type": "object", + "description": "Map from xDS resource type URL to dynamic context parameters. 
These may vary at runtime (unlike other fields in this message). For example, the xDS client may have a shard identifier that changes during the lifetime of the xDS client. In Envoy, this would be achieved by updating the dynamic context on the Server::Instance's LocalInfo context provider. The shard ID dynamic parameter then appears in this field during future discovery requests." + }, + "locality": { + "$ref": "#/definitions/envoy.config.core.v3.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example ``com.acme.feature``. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress ``(0.0.0.0,80)``. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 13]" + }, + "envoy.config.core.v3.Pipe": { + "properties": { + "path": { + "minLength": 1, + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.config.core.v3.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "minLength": 1, + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_v3_api_msg_config.listener.v3.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_v3_api_msg_config.core.v3.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_v3_api_msg_config.cluster.v3.Cluster\u003e`, the cluster type determines whether the address must be an IP (``STATIC`` or ``EDS`` clusters) or a hostname resolved by DNS (``STRICT_DNS`` or ``LOGICAL_DNS`` clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with ``STRICT_DNS`` or ``LOGICAL_DNS`` will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.config.core.v3.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "resource_locators": { + "items": { + "$ref": "#/definitions/envoy.service.discovery.v3.ResourceLocator" + }, + "type": "array", + "description": "[#not-implemented-hide:] Alternative to ``resource_names`` field that allows specifying dynamic parameters along with each resource name. Clients that populate this field must be able to handle responses from the server where resources are wrapped in a Resource message. Note that it is legal for a request to have some resources listed in ``resource_names`` and others in ``resource_locators``." 
+ }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_v3_api_msg_service.discovery.v3.DiscoveryResponse\u003e` failed to update configuration. The ``message`` field in ``error_details`` provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Request", + "description": "A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 8]" + }, + "envoy.service.discovery.v3.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." + }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. 
The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. 
- Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.config.core.v3.ControlPlane", + "additionalProperties": true, + "description": "The control plane instance that sent the response." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.ResourceLocator": { + "properties": { + "name": { + "type": "string", + "description": "The resource name to subscribe to." + }, + "dynamic_parameters": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "A set of dynamic parameters used to match against the dynamic parameter constraints on the resource. This allows clients to select between multiple variants of the same resource." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] Specifies a resource to be subscribed to." + }, + "envoy.type.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic Version]", + "description": "[#protodoc-title: Semantic Version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "envoy.type.v3.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic version]", + "description": "[#protodoc-title: Semantic version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "google.rpc.Status": { + "properties": { + "code": { + "type": "integer", + "description": "The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]." + }, + "message": { + "type": "string", + "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client." + }, + "details": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. 
This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Status", + "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. 
You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors)." + }, + "xds.core.v3.ContextParams": { + "properties": { + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Context Params", + "description": "Additional parameters that can be used to select resource variants. These include any global context parameters, per-resource type client feature capabilities and per-resource type functional attributes. All per-resource type attributes will be `xds.resource.` prefixed and some of these are documented below: `xds.resource.listening_address`: The value is \"IP:port\" (e.g. \"10.1.1.3:8080\") which is the listening address of a Listener. Used in a Listener resource query." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Metrics.json b/app/assets/2.2.x/raw/protos/Metrics.json new file mode 100644 index 000000000..b3f79fe30 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Metrics.json 
@@ -0,0 +1,46 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Metrics", + "definitions": { + "Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/MetricsBackend.json b/app/assets/2.2.x/raw/protos/MetricsBackend.json new file mode 100644 index 000000000..7ad44ef4b --- /dev/null +++ b/app/assets/2.2.x/raw/protos/MetricsBackend.json 
@@ -0,0 +1,27 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MetricsBackend", + "definitions": { + "MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Networking.json b/app/assets/2.2.x/raw/protos/Networking.json new file mode 100644 index 000000000..771fcb1fc --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Networking.json @@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Networking", + "definitions": { + "Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + "passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/PrometheusAggregateMetricsConfig.json b/app/assets/2.2.x/raw/protos/PrometheusAggregateMetricsConfig.json new file mode 100644 index 000000000..4e5a51414 
--- /dev/null +++ b/app/assets/2.2.x/raw/protos/PrometheusAggregateMetricsConfig.json @@ -0,0 +1,35 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusAggregateMetricsConfig", + "definitions": { + "PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." + }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." + }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/PrometheusEnvoyConfig.json b/app/assets/2.2.x/raw/protos/PrometheusEnvoyConfig.json new file mode 100644 index 000000000..a438ec589 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/PrometheusEnvoyConfig.json 
@@ -0,0 +1,23 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusEnvoyConfig", + "definitions": { + "PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/PrometheusMetricsBackendConfig.json b/app/assets/2.2.x/raw/protos/PrometheusMetricsBackendConfig.json new file mode 100644 index 000000000..895e6d014 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/PrometheusMetricsBackendConfig.json 
@@ -0,0 +1,92 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusMetricsBackendConfig", + "definitions": { + "PrometheusMetricsBackendConfig": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this dataplane is deployed next to, e.g. service=web, version=1.0. `service` tag is mandatory." + }, + "skipMTLS": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then endpoints for scraping metrics won't require mTLS even if mTLS is enabled in Mesh. If nil, then it is treated as false." + }, + "aggregate": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig" + }, + "type": "array", + "description": "Map with the configuration of applications which metrics are going to be scrapped by kuma-dp." + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusEnvoyConfig", + "additionalProperties": true, + "description": "Configuration of Envoy's metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Metrics Backend Config", + "description": "PrometheusMetricsBackendConfig defines configuration of Prometheus backend" + }, + "kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." + }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." 
+ }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + }, + "kuma.mesh.v1alpha1.PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ProxyTemplate.json b/app/assets/2.2.x/raw/protos/ProxyTemplate.json new file mode 100644 index 000000000..047ef6f39 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ProxyTemplate.json 
@@ -0,0 +1,339 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplate", + "definitions": { + "ProxyTemplate": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of Dataplane selectors." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Conf", + "additionalProperties": true, + "description": "Configuration for ProxyTemplate" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template", + "description": "ProxyTemplate defines the desired state of ProxyTemplate" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Conf": { + "properties": { + "imports": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of imported profiles. +optional" + }, + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + }, + "modifications": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications" + }, + "type": "array", + "description": "List of config modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications": { + "properties": { + "cluster": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster", + "additionalProperties": true, + "description": "Cluster modification" + }, + "listener": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener", + "additionalProperties": true, + "description": "Listener modification" + }, + "networkFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter", + "additionalProperties": true, + "description": "Network Filter modification" + }, + "httpFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter", + "additionalProperties": true, + "description": "HTTP Filter modification" + }, + "virtualHost": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost", + "additionalProperties": true, + "description": "Virtual Host modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modifications", + "description": "Modifications to xDS config generated by Proxy Template" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match", + "additionalProperties": true, + "description": "Only clusters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a cluster (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Cluster", + "description": "Cluster 
defines modifications to generated clusters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. (inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the cluster to match" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for cluster" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match", + "additionalProperties": true, + "description": "Only HTTP filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS HTTP filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Filter", + "description": "HttpFilter defines modifications to generated HTTP filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that http filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for http filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match", + "additionalProperties": true, + "description": "Only listeners that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a listener (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS listener" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener", + "description": "Listener defines modification to generated listeners" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the listener to match" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for listener" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match", + "additionalProperties": true, + "description": "Only network filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS network filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Network Filter", + "description": "Listener defines modification to generated network filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that network filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for network filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match", + "additionalProperties": true, + "description": "Only virtual hosts that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a virtual hosts (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS virtual host" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Host", + "description": "VirtualHost defines modification to generated virtual hosts" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the virtual host to match" + }, + "routeConfigurationName": { + "type": "string", + "description": "Name of the route configuration" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for virtual host" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ProxyTemplateProfileSource.json b/app/assets/2.2.x/raw/protos/ProxyTemplateProfileSource.json new file mode 100644 index 000000000..e6e130768 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ProxyTemplateProfileSource.json 
@@ -0,0 +1,24 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateProfileSource", + "definitions": { + "ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ProxyTemplateRawResource.json b/app/assets/2.2.x/raw/protos/ProxyTemplateRawResource.json new file mode 100644 index 000000000..a990ff764 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ProxyTemplateRawResource.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawResource", + "definitions": { + "ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ProxyTemplateRawSource.json b/app/assets/2.2.x/raw/protos/ProxyTemplateRawSource.json new file mode 100644 index 000000000..c7ac8bb49 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ProxyTemplateRawSource.json 
@@ -0,0 +1,39 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawSource", + "definitions": { + "ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ProxyTemplateSource.json b/app/assets/2.2.x/raw/protos/ProxyTemplateSource.json new file mode 100644 index 000000000..d5a244749 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ProxyTemplateSource.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateSource", + "definitions": { + "ProxyTemplateSource": { + "properties": { + "name": { + "type": "string", + "description": "Name of a configuration source. +optional" + }, + "profile": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateProfileSource", + "additionalProperties": true, + "description": "Profile, e.g. `default-proxy`. +optional" + }, + "raw": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawSource", + "additionalProperties": true, + "description": "Raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/RateLimit.json b/app/assets/2.2.x/raw/protos/RateLimit.json new file mode 100644 index 000000000..afb09cba1 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/RateLimit.json 
@@ -0,0 +1,120 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/RateLimit", + "definitions": { + "RateLimit": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that rate limit will be applied for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be rate limited." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf", + "additionalProperties": true, + "description": "Configuration for RateLimit +required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http", + "additionalProperties": true, + "description": "The HTTP RateLimit configuration +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http": { + "properties": { + "requests": { + "type": "integer", + "description": "The number of HTTP requests this RateLimiter allows +required" + }, + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The the interval for which `requests` will be accounted. 
+required", + "format": "regex" + }, + "onRateLimit": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit", + "additionalProperties": true, + "description": "Describes the actions to take on RatelLimiter event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit": { + "properties": { + "status": { + "additionalProperties": true, + "type": "integer", + "description": "The HTTP status code to be set on a RateLimit event +optional" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue" + }, + "type": "array", + "description": "The Headers to be added to the HTTP response on a RateLimit event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "On Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +optional" + }, + "value": { + "type": "string", + "description": "Header value +optional" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "Should the header be appended +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Retry.json b/app/assets/2.2.x/raw/protos/Retry.json new file mode 100644 index 000000000..913d8f6b2 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Retry.json 
@@ -0,0 +1,224 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Retry", + "definitions": { + "Retry": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that retry policy should be configured for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf", + "additionalProperties": true, + "description": "+required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Retry" + }, + "kuma.mesh.v1alpha1.Retry.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Http", + "additionalProperties": true + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Tcp", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Grpc", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Retry.Conf.BackOff": { + "properties": { + "base_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+required", + "format": "regex" + }, + "max_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Back Off" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Grpc": { + "properties": { + "retry_on": { + "items": { + "enum": [ + "cancelled", + 0, + "deadline_exceeded", + 1, + "internal", + 2, + "resource_exhausted", + 3, + "unavailable", + 4 + ] + }, + "type": "array", + "title": "Retry On" + }, + "num_retries": { + 
"additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Http": { + "properties": { + "num_retries": { + "additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + }, + "retriable_status_codes": { + "items": { + "type": "integer" + }, + "type": "array", + "description": "+optional" + }, + "retriable_methods": { + "items": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ] + }, + "type": "array", + "title": "Http Method" + }, + "retry_on": { + "items": { + "enum": [ + "all_5xx", + 0, + "gateway_error", + 1, + "reset", + 2, + "connect_failure", + 3, + "envoy_ratelimited", + 4, + "retriable_4xx", + 5, + "refused_stream", + 6, + "retriable_status_codes", + 7, + "retriable_headers", + 8, + "http3_post_connect_failure", + 9 + ] + }, + "type": "array", + "title": "Http Retry On", + "description": "These options correspond with the retry_on options in Envoy's documentation: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + 
"kuma.mesh.v1alpha1.Retry.Conf.Tcp": { + "properties": { + "max_connect_attempts": { + "type": "integer", + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Routing.json b/app/assets/2.2.x/raw/protos/Routing.json new file mode 100644 index 000000000..858a02b0b --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Routing.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Routing", + "definitions": { + "Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Selector.json b/app/assets/2.2.x/raw/protos/Selector.json new file mode 100644 index 000000000..91f0fe4af --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Selector.json 
@@ -0,0 +1,21 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Selector", + "definitions": { + "Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ServiceInsight.json b/app/assets/2.2.x/raw/protos/ServiceInsight.json new file mode 100644 index 000000000..21a33e559 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ServiceInsight.json 
@@ -0,0 +1,100 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ServiceInsight", + "definitions": { + "ServiceInsight": { + "properties": { + "services": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service", + "additionalProperties": true + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Insight" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service": { + "properties": { + "status": { + "enum": [ + "none", + 0, + "offline", + 1, + "partially_degraded", + 2, + "online", + 3, + "not_available", + 4 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Status" + }, + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat", + "additionalProperties": true + }, + "issuedBackends": { + "additionalProperties": { + "type": "integer" + }, + "type": "object" + }, + "serviceType": { + "enum": [ + "internal", + 0, + "external", + 1, + "gateway_delegated", + 2, + "gateway_builtin", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Type" + }, + "addressPort": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/StatsRequest.json b/app/assets/2.2.x/raw/protos/StatsRequest.json new file mode 100644 index 000000000..a94577050 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/StatsRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsRequest", + "definitions": { + "StatsRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp stats request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp stats request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Request", + "description": "StatsRequest is a request for kuma-dp stats that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/StatsResponse.json b/app/assets/2.2.x/raw/protos/StatsResponse.json new file mode 100644 index 000000000..e64f5f98c --- /dev/null +++ b/app/assets/2.2.x/raw/protos/StatsResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsResponse", + "definitions": { + "StatsResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp stats request." + }, + "stats": { + "type": "string", + "description": "The stats content that is a successful result of kuma-dp stats execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Response", + "description": "StatsResponse is a response containing result of kuma-dp stats execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/TcpLoggingBackendConfig.json b/app/assets/2.2.x/raw/protos/TcpLoggingBackendConfig.json new file mode 100644 index 000000000..ce4ae7037 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/TcpLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TcpLoggingBackendConfig", + "definitions": { + "TcpLoggingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address to TCP service that will receive logs" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Logging Backend Config", + "description": "TcpLoggingBackendConfig defines configuration for TCP based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Timeout.json b/app/assets/2.2.x/raw/protos/Timeout.json new file mode 100644 index 000000000..e6d1694c2 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Timeout.json 
@@ -0,0 +1,138 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Timeout", + "definitions": { + "Timeout": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Timeout" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.Timeout.Conf": { + "properties": { + "connect_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "ConnectTimeout defines time to establish connection", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Http", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Grpc", + "additionalProperties": true, + "description": "Deprecated: set parameters through Http section" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Grpc": { + "properties": { + "stream_idle_timeout": { + "pattern": 
"^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity Deprecated: use Http.StreamIdleTimeout instead", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span Deprecated: use Http.MaxStreamDuration instead", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc", + "description": "Grpc defines timeouts that are applied when the protocol is GRPC" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Http": { + "properties": { + "request_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "RequestTimeout is a span between the point at which the entire downstream request (i.e. end-of-stream) has been processed and when the upstream response has been completely processed", + "format": "regex" + }, + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is the time at which a downstream or upstream connection will be terminated if there are no active streams", + "format": "regex" + }, + "stream_idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines timeouts that are applied when the protocol is HTTP" + }, + 
"kuma.mesh.v1alpha1.Timeout.Conf.Tcp": { + "properties": { + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is defined as the period in which there are no bytes sent or received on either the upstream or downstream connection", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines timeouts that are applied when the protocol is TCP" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Tracing.json b/app/assets/2.2.x/raw/protos/Tracing.json new file mode 100644 index 000000000..b7cc2dbef --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Tracing.json 
@@ -0,0 +1,51 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Tracing", + "definitions": { + "Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/TracingBackend.json b/app/assets/2.2.x/raw/protos/TracingBackend.json new file mode 100644 index 000000000..4bf433707 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/TracingBackend.json 
@@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TracingBackend", + "definitions": { + "TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/TrafficLog.json b/app/assets/2.2.x/raw/protos/TrafficLog.json new file mode 100644 index 000000000..62a817926 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/TrafficLog.json 
@@ -0,0 +1,60 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficLog", + "definitions": { + "TrafficLog": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficLog.Conf", + "additionalProperties": true, + "description": "Configuration of the logging." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Log", + "description": "TrafficLog defines log for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficLog.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the logging." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/TrafficPermission.json b/app/assets/2.2.x/raw/protos/TrafficPermission.json new file mode 100644 index 000000000..5c9068126 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/TrafficPermission.json 
@@ -0,0 +1,43 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficPermission", + "definitions": { + "TrafficPermission": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Permission", + "description": "TrafficPermission defines permission for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/TrafficRoute.json b/app/assets/2.2.x/raw/protos/TrafficRoute.json new file mode 100644 index 000000000..c10979152 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/TrafficRoute.json 
@@ -0,0 +1,390 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficRoute", + "definitions": { + "TrafficRoute": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match data plane proxies that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic. Notice the difference between sources and destinations. While the source of traffic is always a data plane proxy within a mesh, the destination is a service that could be either within or outside of a mesh." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Conf", + "additionalProperties": true, + "description": "Configuration for the route." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Route", + "description": "TrafficRoute defines routing rules for the traffic in the mesh." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Conf": { + "properties": { + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." 
+ }, + "load_balancer": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer", + "additionalProperties": true, + "description": "Load balancer configuration for given \"split\" or \"destination\"" + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + }, + "http": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http" + }, + "type": "array", + "description": "Configuration of HTTP traffic. Traffic is matched one by one with the order defined in the list. If the request does not match any criteria then \"split\" or \"destination\" outside of \"http\" section is executed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the destination configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match", + "additionalProperties": true, + "description": "If request matches against defined criteria then \"split\" or \"destination\" is executed." + }, + "modify": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify", + "additionalProperties": true, + "description": "Modifications to the traffic matched by the match section." + }, + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines configuration for HTTP traffic." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match": { + "properties": { + "method": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Method matches method of HTTP request." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Path matches HTTP path." + }, + "headers": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true + }, + "type": "object", + "description": "Headers match HTTP request headers." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines a series of matching criteria to apply modification and reroute the traffic." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher": { + "properties": { + "prefix": { + "type": "string", + "description": "Prefix matches the string against defined prefix." + }, + "exact": { + "type": "string", + "description": "Exact checks that strings are equal to each other." + }, + "regex": { + "type": "string", + "description": "Regex checks the string using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + } + }, + "additionalProperties": true, + "type": "object", + "title": "String Matcher", + "description": "StringMatcher matches the string value." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path", + "additionalProperties": true, + "description": "Path modifications." + }, + "host": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host", + "additionalProperties": true, + "description": "Host modifications." 
+ }, + "requestHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Request headers modifications." + }, + "responseHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Response headers modifications." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modify", + "description": "Modify defines modifications of matched HTTP messages." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers": { + "properties": { + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add" + }, + "type": "array", + "description": "List of add header operations." + }, + "remove": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove" + }, + "type": "array", + "description": "List of remove header operations." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Headers", + "description": "Headers defines modification of HTTP headers." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header." + }, + "value": { + "type": "string", + "description": "Value of the header." + }, + "append": { + "type": "boolean", + "description": "If true, it appends the value if there is already a value. Otherwise, value of existing header will be replaced." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Add", + "description": "Add defines operation of adding new HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header to remove." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Remove", + "description": "Remove defines operation of removing an HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host": { + "properties": { + "value": { + "type": "string", + "description": "Value replaces the host header with given value." + }, + "fromPath": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "FromPath replaces the host header from path using regex." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Host", + "description": "Host defines modification of the HTTP Host header" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path": { + "properties": { + "rewritePrefix": { + "type": "string", + "description": "RewritePrefix rewrites previously matched prefix in match section." + }, + "regex": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "Regex rewrites prefix using regex with substitution." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path defines modification of path of the HTTP request." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace": { + "properties": { + "pattern": { + "type": "string", + "description": "Pattern of the regex using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + }, + "substitution": { + "type": "string", + "description": "Substitution using regex groups. E.g. use \\\\1 as a first matched group." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Regex Replace", + "description": "RegexReplace defines a way to match string using regex and build a new one using substitution section." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer": { + "properties": { + "round_robin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin", + "additionalProperties": true + }, + "least_request": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest", + "additionalProperties": true + }, + "ring_hash": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash", + "additionalProperties": true + }, + "random": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random", + "additionalProperties": true + }, + "maglev": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Load Balancer", + "description": "LoadBalancer defines the load balancing policy and configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest": { + "properties": { + "choice_count": { + "type": "integer", + "description": "The number of random healthy hosts from which the host with the fewest active requests will be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Least Request", + "description": "LeastRequest uses different algorithms depending on whether hosts have the same or different weights." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev": { + "additionalProperties": true, + "type": "object", + "title": "Maglev", + "description": "Maglev implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random": { + "additionalProperties": true, + "type": "object", + "title": "Random", + "description": "Random selects a random available host." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash": { + "properties": { + "hash_function": { + "type": "string", + "description": "The hash function used to hash hosts onto the ketama ring. The value defaults to 'XX_HASH'." + }, + "min_ring_size": { + "type": "string", + "description": "Minimum hash ring size." + }, + "max_ring_size": { + "type": "string", + "description": "Maximum hash ring size." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Ring Hash", + "description": "RingHash implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin": { + "additionalProperties": true, + "type": "object", + "title": "Round Robin", + "description": "RoundRobin is a simple policy in which each available upstream host is selected in round robin order." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Split": { + "properties": { + "weight": { + "additionalProperties": true, + "type": "integer", + "description": "Weight assigned to that destination. Weights are not percentages. For example two destinations with weights the same weight \"1\" will receive both same amount of the traffic. 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Selector to match individual endpoints that comprise that destination. Notice that an endpoint can be either inside or outside the mesh. In the former case an endpoint corresponds to a data plane proxy, in the latter case an endpoint is an External Service." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Split", + "description": "Split defines a destination with a weight assigned to it." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/TrafficTrace.json b/app/assets/2.2.x/raw/protos/TrafficTrace.json new file mode 100644 index 000000000..d4f0859c5 --- /dev/null 
+++ b/app/assets/2.2.x/raw/protos/TrafficTrace.json @@ -0,0 +1,53 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficTrace", + "definitions": { + "TrafficTrace": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficTrace.Conf", + "additionalProperties": true, + "description": "Configuration of the tracing." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Trace", + "description": "TrafficTrace defines trace configuration for selected dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficTrace.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the tracing." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/Version.json b/app/assets/2.2.x/raw/protos/Version.json new file mode 100644 index 000000000..b7fbce902 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/Version.json 
@@ -0,0 +1,79 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Version", + "definitions": { + "Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of 
Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/VirtualOutbound.json b/app/assets/2.2.x/raw/protos/VirtualOutbound.json new file mode 100644 index 000000000..6f79a1ed5 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/VirtualOutbound.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/VirtualOutbound", + "definitions": { + "VirtualOutbound": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that this policy applies to" + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Outbound", + "description": "VirtualOutbound defines how to generate hostname ports combination." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf": { + "properties": { + "host": { + "type": "string", + "description": "Host the gotemplate to generate the hostname from the Parameters map" + }, + "port": { + "type": "string", + "description": "Port the gotemplate to generate the port from the Parameters map" + }, + "parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter" + }, + "type": "array", + "description": "Parameters a mapping between tag keys and template parameter key. This must always contain at least `kuma.io/service`" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter": { + "properties": { + "name": { + "type": "string", + "description": "Name the name of the template parameter (must be alphanumeric)." 
+ }, + "tag_key": { + "type": "string", + "description": "TagKey the name of the tag in the Kuma outbound (optional if absent it will use Name)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Template Parameter", + "description": "A mapping between a template parameter and a dataplane outbound tag name." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/XDSConfigRequest.json b/app/assets/2.2.x/raw/protos/XDSConfigRequest.json new file mode 100644 index 000000000..1ea4641e7 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/XDSConfigRequest.json @@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigRequest", + "definitions": { + "XDSConfigRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute config dump." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute config dump. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Request", + "description": "XDSConfigRequest is a request for XDS Config Dump that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/XDSConfigResponse.json b/app/assets/2.2.x/raw/protos/XDSConfigResponse.json new file mode 100644 index 000000000..d6d64774a --- /dev/null +++ b/app/assets/2.2.x/raw/protos/XDSConfigResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigResponse", + "definitions": { + "XDSConfigResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing XDS Config Dump." + }, + "config": { + "type": "string", + "description": "The XDS Config that is a successful result of XDS Config dump execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Response", + "description": "XDSConfigRequest is a response containing result of XDS Config Dump execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ZipkinTracingBackendConfig.json b/app/assets/2.2.x/raw/protos/ZipkinTracingBackendConfig.json new file mode 100644 index 000000000..ab2dd42ae --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ZipkinTracingBackendConfig.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZipkinTracingBackendConfig", + "definitions": { + "ZipkinTracingBackendConfig": { + "properties": { + "url": { + "type": "string", + "description": "Address of Zipkin collector." + }, + "traceId128bit": { + "type": "boolean", + "description": "Generate 128bit traces. Default: false" + }, + "apiVersion": { + "type": "string", + "description": "Version of the API. values: httpJson, httpJsonV1, httpProto. Default: httpJson see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/trace.proto#envoy-v3-api-enum-config-trace-v3-zipkinconfig-collectorendpointversion" + }, + "sharedSpanContext": { + "additionalProperties": true, + "type": "boolean", + "description": "Determines whether client and server spans will share the same span context. Default: true. https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/zipkin.proto#config-trace-v3-zipkinconfig" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zipkin Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ZoneEgress.json b/app/assets/2.2.x/raw/protos/ZoneEgress.json new file mode 100644 index 000000000..b154ca74f --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ZoneEgress.json 
@@ -0,0 +1,54 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgress", + "definitions": { + "ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ZoneEgressInsight.json b/app/assets/2.2.x/raw/protos/ZoneEgressInsight.json new file mode 100644 index 000000000..9a5e7643e --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ZoneEgressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressInsight", + "definitions": { + "ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ZoneEgressOverview.json b/app/assets/2.2.x/raw/protos/ZoneEgressOverview.json new file mode 100644 index 000000000..7e2fe5983 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ZoneEgressOverview.json 
@@ -0,0 +1,258 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressOverview", + "definitions": { + "ZoneEgressOverview": { + "properties": { + "zoneEgress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress", + "additionalProperties": true + }, + "zoneEgressInsight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Overview", + "description": "ZoneEgressOverview defines the projected state of a ZoneEgress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." 
+ }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ZoneIngress.json b/app/assets/2.2.x/raw/protos/ZoneIngress.json new file mode 100644 index 000000000..0d613e59b --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ZoneIngress.json 
@@ -0,0 +1,95 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngress", + "definitions": { + "ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ZoneIngressInsight.json b/app/assets/2.2.x/raw/protos/ZoneIngressInsight.json new file mode 100644 index 000000000..4c6d25999 --- /dev/null 
+++ b/app/assets/2.2.x/raw/protos/ZoneIngressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressInsight", + "definitions": { + "ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.2.x/raw/protos/ZoneIngressOverview.json b/app/assets/2.2.x/raw/protos/ZoneIngressOverview.json new file mode 100644 index 000000000..5cf6ef549 --- /dev/null +++ b/app/assets/2.2.x/raw/protos/ZoneIngressOverview.json 
@@ -0,0 +1,299 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressOverview", + "definitions": { + "ZoneIngressOverview": { + "properties": { + "zone_ingress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress", + "additionalProperties": true + }, + "zone_ingress_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Overview", + "description": "ZoneIngressOverview defines the projected state of a ZoneIngress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/crds/kuma.io_circuitbreakers.yaml b/app/assets/2.3.x/raw/crds/kuma.io_circuitbreakers.yaml new file mode 100644 index 000000000..196b7c1db --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_circuitbreakers.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: circuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: CircuitBreaker + listKind: CircuitBreakerList + plural: circuitbreakers + singular: circuitbreaker + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma CircuitBreaker resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_containerpatches.yaml b/app/assets/2.3.x/raw/crds/kuma.io_containerpatches.yaml new file mode 100644 index 000000000..20849b10b --- /dev/null 
+++ b/app/assets/2.3.x/raw/crds/kuma.io_containerpatches.yaml 
@@ -0,0 +1,109 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: containerpatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ContainerPatch + listKind: ContainerPatchList + plural: containerpatches + singular: containerpatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ContainerPatch stores a list of patches to apply to init and + sidecar containers. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + type: string + metadata: + type: object + spec: + description: ContainerPatchSpec specifies the options available for a + ContainerPatch + properties: + initPatch: + description: InitPatch specifies jsonpatch to apply to an init container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. 
String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + sidecarPatch: + description: SidecarPatch specifies jsonpatch to apply to a sidecar + container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_dataplaneinsights.yaml b/app/assets/2.3.x/raw/crds/kuma.io_dataplaneinsights.yaml new file mode 100644 index 000000000..7e892d597 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_dataplaneinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: dataplaneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + status: + description: Status is the status the Kuma resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_dataplanes.yaml b/app/assets/2.3.x/raw/crds/kuma.io_dataplanes.yaml new file mode 100644 index 000000000..82cfefe31 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_dataplanes.yaml 
@@ -0,0 +1,64 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: dataplanes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Dataplane + listKind: DataplaneList + plural: dataplanes + singular: dataplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Service tag of the first inbound + jsonPath: .spec.networking.inbound[0].tags['kuma\.io/service'] + name: kuma.io/service + type: string + - description: Service tag of the second inbound + jsonPath: .spec.networking.inbound[1].tags['kuma\.io/service'] + name: kuma.io/service + type: string + - description: Service tag of the third inbound + jsonPath: .spec.networking.inbound[2].tags['kuma\.io/service'] + name: kuma.io/service + priority: 1 + type: string + - description: Service tag of the fourth inbound + jsonPath: .spec.networking.inbound[3].tags['kuma\.io/service'] + name: kuma.io/service + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. 
+ type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Dataplane resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.3.x/raw/crds/kuma.io_externalservices.yaml b/app/assets/2.3.x/raw/crds/kuma.io_externalservices.yaml new file mode 100644 index 000000000..eed56190b --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_externalservices.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: externalservices.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ExternalService + listKind: ExternalServiceList + plural: externalservices + singular: externalservice + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ExternalService resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true 
diff --git a/app/assets/2.3.x/raw/crds/kuma.io_faultinjections.yaml b/app/assets/2.3.x/raw/crds/kuma.io_faultinjections.yaml new file mode 100644 index 000000000..ba4b468d5 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_faultinjections.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: faultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: FaultInjection + listKind: FaultInjectionList + plural: faultinjections + singular: faultinjection + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma FaultInjection resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_healthchecks.yaml b/app/assets/2.3.x/raw/crds/kuma.io_healthchecks.yaml new file mode 100644 index 000000000..ca183c9b7 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_healthchecks.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: healthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: HealthCheck + listKind: HealthCheckList + plural: healthchecks + singular: healthcheck + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma HealthCheck resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshaccesslogs.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshaccesslogs.yaml new file mode 100644 index 000000000..a38c61452 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshaccesslogs.yaml 
@@ -0,0 +1,370 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be + written to + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: Attributes can contain placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + endpoint: + description: Endpoint of OpenTelemetry collector. + An empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be + written to + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: Attributes can contain placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + endpoint: + description: Endpoint of OpenTelemetry collector. + An empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshcircuitbreakers.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshcircuitbreakers.yaml new file mode 100644 index 000000000..6cf06361d --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshcircuitbreakers.yaml 
@@ -0,0 +1,651 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshcircuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshCircuitBreaker + listKind: MeshCircuitBreakerList + plural: meshcircuitbreakers + singular: meshcircuitbreaker + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. 
+ Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. 
This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. 
In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' + properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. 
In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. 
In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. 
Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. 
+ format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' 
+ properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. 
+ format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. 
+ type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshes.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshes.yaml new file mode 100644 index 000000000..8e5f84539 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshes.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Mesh + listKind: MeshList + plural: meshes + singular: mesh + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Mesh resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshfaultinjections.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshfaultinjections.yaml new file mode 100644 index 000000000..b8f55fbb2 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshfaultinjections.yaml 
@@ -0,0 +1,188 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshfaultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshFaultInjection + listKind: MeshFaultInjectionList + plural: meshfaultinjections + singular: meshfaultinjection + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshFaultInjection + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + http: + description: Http allows to define list of Http faults between + dataplanes. + items: + description: FaultInjection defines the configuration + of faults between dataplanes. 
+ properties: + abort: + description: Abort defines a configuration of not + delivering requests to destination service and replacing + the responses from destination dataplane by predefined + status code + properties: + httpStatus: + description: HTTP status code which will be returned + to source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which abort + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: Delay defines configuration of delaying + a response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which delay + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + value: + description: The duration during which the response + will be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: ResponseBandwidth defines a configuration + to limit the speed of responding to the requests + properties: + limit: + description: Limit is represented by value measure + in gbps, mbps, kbps or bps, e.g. 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which response + bandwidth limit will be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshgatewayconfigs.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshgatewayconfigs.yaml new file mode 100644 index 000000000..bc85f28e0 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshgatewayconfigs.yaml 
@@ -0,0 +1,204 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshgatewayconfigs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayConfig + listKind: MeshGatewayConfigList + plural: meshgatewayconfigs + singular: meshgatewayconfig + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayConfig holds the configuration of a MeshGateway. A + GatewayClass can refer to a MeshGatewayConfig via parametersRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayConfigSpec specifies the options available for + a Kuma MeshGateway. + properties: + crossMesh: + description: CrossMesh specifies whether listeners configured by this + gateway are cross mesh listeners. + type: boolean + podTemplate: + description: PodTemplate configures the Pod owned by this config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Pod. + properties: + container: + description: Container corresponds to PodSpec.Container + properties: + securityContext: + description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext + properties: + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem corresponds to + PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem + type: boolean + type: object + type: object + securityContext: + description: PodSecurityContext corresponds to PodSpec.SecurityContext + properties: + fsGroup: + description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName corresponds to PodSpec.ServiceAccountName. + type: string + type: object + type: object + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. 
+ type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies a set of Kuma tags that are included in + the MeshGatewayInstance and thus propagated to every Dataplane generated + to serve the MeshGateway. These tags should include a maximum of + one `kuma.io/service` tag. + type: object + type: object + status: + description: MeshGatewayConfigStatus holds information about the status + of the gateway instance. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshgatewayinstances.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshgatewayinstances.yaml new file mode 100644 index 000000000..4b2958a61 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshgatewayinstances.yaml 
@@ -0,0 +1,331 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshgatewayinstances.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayInstance + listKind: MeshGatewayInstanceList + plural: meshgatewayinstances + singular: meshgatewayinstance + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayInstance represents a managed instance of a dataplane + proxy for a Kuma Gateway. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayInstanceSpec specifies the options available for + a GatewayDataplane. + properties: + podTemplate: + description: PodTemplate configures the Pod owned by this config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Pod. 
+ properties: + container: + description: Container corresponds to PodSpec.Container + properties: + securityContext: + description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext + properties: + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem corresponds to + PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem + type: boolean + type: object + type: object + securityContext: + description: PodSecurityContext corresponds to PodSpec.SecurityContext + properties: + fsGroup: + description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName corresponds to PodSpec.ServiceAccountName. + type: string + type: object + type: object + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. 
+ type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies the Kuma tags that are propagated to the + managed dataplane proxies. These tags should include exactly one + `kuma.io/service` tag, and should match exactly one Gateway resource. + type: object + type: object + status: + description: MeshGatewayInstanceStatus holds information about the status + of the gateway instance. + properties: + conditions: + description: Conditions is an array of gateway instance conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, + if one is present. 
+ properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshgatewayroutes.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshgatewayroutes.yaml new file mode 100644 index 000000000..032cffecb --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshgatewayroutes.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshgateways.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshgateways.yaml new file mode 100644 index 000000000..98f98f574 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshgateways.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshgateways.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGateway + listKind: MeshGatewayList + plural: meshgateways + singular: meshgateway + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGateway resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshhealthchecks.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshhealthchecks.yaml new file mode 100644 index 000000000..1ce431463 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshhealthchecks.yaml 
@@ -0,0 +1,302 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshhealthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHealthCheck + listKind: MeshHealthCheckList + plural: meshhealthchecks + singular: meshhealthcheck + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHealthCheck resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + alwaysLogHealthCheckFailures: + description: If set to true, health check failure events + will always be logged. If set to false, only the initial + health check failure event will be logged. The default + value is false. + type: boolean + eventLogPath: + description: Specifies the path to the file where Envoy + can log health check events. If empty, no event log will + be written. + type: string + failTrafficOnPanic: + description: If set to true, Envoy will not consider any + hosts when the cluster is in 'panic mode'. Instead, the + cluster will fail all requests as if all hosts are unhealthy. + This can help avoid potentially overwhelming a failing + service. + type: boolean + grpc: + description: GrpcHealthCheck defines gRPC configuration + which will instruct the service the health check will + be made for is a gRPC service. + properties: + authority: + description: The value of the :authority header in the + gRPC health check request, by default name of the + cluster this health check is associated with + type: string + disabled: + description: If true the GrpcHealthCheck is disabled + type: boolean + serviceName: + description: Service name parameter which will be sent + to gRPC service + type: string + type: object + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: Allows to configure panic threshold for Envoy + cluster. 
If not specified, the default is 50%. To disable + panic mode, set to 0%. Either int or decimal represented + as string. + x-kubernetes-int-or-string: true + healthyThreshold: + default: 1 + description: Number of consecutive healthy checks before + considering a host healthy. + format: int32 + type: integer + http: + description: HttpHealthCheck defines HTTP configuration + which will instruct the service the health check will + be made for is an HTTP service. + properties: + disabled: + description: If true the HttpHealthCheck is disabled + type: boolean + expectedStatuses: + description: List of HTTP response statuses which are + considered healthy + items: + format: int32 + type: integer + type: array + path: + default: / + description: The HTTP path which will be requested during + the health check (ie. /health) + type: string + requestHeadersToAdd: + description: The list of HTTP headers which should be + added to each health check request + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + initialJitter: + description: If specified, Envoy will start health checking + after a random time in ms between 0 and initialJitter. + This only applies to the first health check. + type: string + interval: + default: 1m + description: Interval between consecutive health checks. 
+ type: string + intervalJitter: + description: If specified, during every interval Envoy will + add IntervalJitter to the wait time. + type: string + intervalJitterPercent: + description: If specified, during every interval Envoy will + add IntervalJitter * IntervalJitterPercent / 100 to the + wait time. If IntervalJitter and IntervalJitterPercent + are both set, both of them will be used to increase the + wait time. + format: int32 + type: integer + noTrafficInterval: + description: The "no traffic interval" is a special health + check interval that is used when a cluster has never had + traffic routed to it. This lower interval allows cluster + information to be kept up to date, without sending a potentially + large amount of active health checking traffic for no + reason. Once a cluster has been used for traffic routing, + Envoy will shift back to using the standard health check + interval that is defined. Note that this interval takes + precedence over any other. The default value for "no traffic + interval" is 60 seconds. + type: string + reuseConnection: + description: Reuse health check connection between health + checks. Default is true. + type: boolean + tcp: + description: TcpHealthCheck defines configuration for specifying + bytes to send and expected response during the health + check + properties: + disabled: + description: If true the TcpHealthCheck is disabled + type: boolean + receive: + description: List of Base64 encoded blocks of strings + expected as a response. When checking the response, + "fuzzy" matching is performed such that each block + must be found, and in the order specified, but not + necessarily contiguous. If not provided or empty, + checks will be performed as "connect only" and be + marked as successful when TCP connection is successfully + established. 
+ items: + type: string + type: array + send: + description: Base64 encoded content of the message which + will be sent during the health check to the target + type: string + type: object + timeout: + default: 15s + description: Maximum time to wait for a health check response. + type: string + unhealthyThreshold: + default: 5 + description: Number of consecutive unhealthy checks before + considering a host unhealthy. + format: int32 + type: integer + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshhttproutes.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshhttproutes.yaml new file mode 100644 index 000000000..d75796690 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshhttproutes.yaml 
@@ -0,0 +1,501 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshhttproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHTTPRoute + listKind: MeshHTTPRouteList + plural: meshhttproutes + singular: meshhttproute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHTTPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To matches destination services of requests and holds + configuration. + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward + traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + type: array + filters: + items: + properties: + requestHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestMirror: + properties: + backendRef: + description: TargetRef defines structure + that allows attaching policy to various + objects + properties: + kind: + description: Kind of the referenced + resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future + use to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced + resource. Can only be used with kinds: + `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset + of proxies by tags. Can only be used + with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests to mirror. + If not specified, all requests to the + target cluster will be mirrored. + x-kubernetes-int-or-string: true + required: + - backendRef + type: object + requestRedirect: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. + This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. 
+ \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines parameters used + to modify the path of the incoming request. + The modified path is then used to construct + the location header. When empty, the request + path is used as-is. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + port: + description: Port is the port to be used + in the value of the `Location` header + in the response. When empty, port (if + specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + description: StatusCode is the HTTP status + code to be used in response. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + type: object + responseHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestRedirect + - URLRewrite + - RequestMirror + type: string + urlRewrite: + properties: + hostname: + description: Hostname is the value to be + used to replace the host header value + during forwarding. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines a path rewrite. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + type: object + required: + - type + type: object + type: array + type: object + matches: + description: Matches describes how to match HTTP requests + this rule should be applied to. + items: + properties: + headers: + items: + description: HeaderMatch describes how to select + an HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP + Header to be matched. Name MUST be lower + case as they will be handled with case insensitivity + (See https://tools.ietf.org/html/rfc7230#section-3.2). 
+ maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + method: + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + properties: + type: + enum: + - Exact + - PathPrefix + - RegularExpression + type: string + value: + description: Exact or prefix matches must be + an absolute path. A prefix matches only if + separated by a slash or the entire path. + minLength: 1 + type: string + required: + - type + - value + type: object + queryParams: + description: QueryParams matches based on HTTP URL + query parameters. Multiple matches are ANDed together + such that all listed matches must succeed. + items: + properties: + name: + minLength: 1 + type: string + type: + enum: + - Exact + - RegularExpression + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + type: object + minItems: 1 + type: array + required: + - default + - matches + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of request destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshinsights.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshinsights.yaml new file mode 100644 index 000000000..5391c4b88 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshInsight + listKind: MeshInsightList + plural: meshinsights + singular: meshinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml new file mode 100644 index 000000000..d4861794d --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml 
@@ -0,0 +1,414 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshloadbalancingstrategies.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshLoadBalancingStrategy + listKind: MeshLoadBalancingStrategyList + plural: meshloadbalancingstrategies + singular: meshloadbalancingstrategy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshLoadBalancingStrategy + resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + loadBalancer: + description: LoadBalancer allows to specify load balancing + algorithm. + properties: + leastRequest: + description: LeastRequest selects N random available + hosts as specified in 'choiceCount' (2 by default) + and picks the host which has the fewest active requests + properties: + choiceCount: + description: ChoiceCount is the number of random + healthy hosts from which the host with the fewest + active requests will be chosen. Defaults to 2 + so that Envoy performs two-choice selection if + the field is not set. + format: int32 + minimum: 2 + type: integer + type: object + maglev: + description: Maglev implements consistent hashing to + upstream hosts. Maglev can be used as a drop in replacement + for the ring hash load balancer any place in which + consistent hashing is desired. + properties: + hashPolicies: + description: HashPolicies specify a list of request/connection + properties that are used to calculate a hash. + These hash policies are executed in the specified + order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. 
+ type: boolean + type: object + cookie: + properties: + name: + description: The name of the cookie that + will be used to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for + the cookie. + type: string + ttl: + description: If specified, a cookie with + the TTL will be generated if the cookie + is not present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: The name of the Object in + the per-request filterState, which is + an Envoy::Hashable object. If there + is no data associated with the key, + or the stored object is not Envoy::Hashable, + no hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: The name of the request header + that will be used to obtain the hash + key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: The name of the URL query + parameter that will be used to obtain + the hash key. If the parameter is not + present, no hash will be produced. Query + parameter names are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: 'Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time + when the terminal policy works. If true, + and there is already a hash computed, ignore + rest of the list of hash polices.' + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + tableSize: + description: The table size for Maglev hashing. + Maglev aims for “minimal disruption” rather than + an absolute guarantee. 
Minimal disruption means + that when the set of upstream hosts change, a + connection will likely be sent to the same upstream + as it was before. Increasing the table size reduces + the amount of disruption. The table size must + be prime number limited to 5000011. If it is not + specified, the default is 65537. + format: int32 + maximum: 5000011 + minimum: 1 + type: integer + type: object + random: + description: Random selects a random available host. + The random load balancer generally performs better + than round-robin if no health checking policy is configured. + Random selection avoids bias towards the host in the + set that comes after a failed host. + type: object + ringHash: + description: RingHash implements consistent hashing + to upstream hosts. Each host is mapped onto a circle + (the “ring”) by hashing its address; each request + is then routed to a host by hashing some property + of the request, and finding the nearest corresponding + host clockwise around the ring. + properties: + hashFunction: + description: HashFunction is a function used to + hash hosts onto the ketama ring. The value defaults + to XX_HASH. Available values – XX_HASH, MURMUR_HASH_2. + enum: + - XXHash + - MurmurHash2 + type: string + hashPolicies: + description: HashPolicies specify a list of request/connection + properties that are used to calculate a hash. + These hash policies are executed in the specified + order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. + type: boolean + type: object + cookie: + properties: + name: + description: The name of the cookie that + will be used to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for + the cookie. 
+ type: string + ttl: + description: If specified, a cookie with + the TTL will be generated if the cookie + is not present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: The name of the Object in + the per-request filterState, which is + an Envoy::Hashable object. If there + is no data associated with the key, + or the stored object is not Envoy::Hashable, + no hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: The name of the request header + that will be used to obtain the hash + key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: The name of the URL query + parameter that will be used to obtain + the hash key. If the parameter is not + present, no hash will be produced. Query + parameter names are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: 'Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time + when the terminal policy works. If true, + and there is already a hash computed, ignore + rest of the list of hash polices.' + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + maxRingSize: + description: Maximum hash ring size. Defaults to + 8M entries, and limited to 8M entries, but can + be lowered to further constrain resource use. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + minRingSize: + description: Minimum hash ring size. The larger + the ring is (that is, the more hashes there are + for each provided host) the better the request + distribution will reflect the desired weights. 
+ Defaults to 1024 entries, and limited to 8M entries. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + type: object + roundRobin: + description: RoundRobin is a load balancing algorithm + that distributes requests across available upstream + hosts in round-robin order. + type: object + type: + enum: + - RoundRobin + - LeastRequest + - RingHash + - Random + - Maglev + type: string + required: + - type + type: object + localityAwareness: + description: LocalityAwareness contains configuration for + locality aware load balancing. + properties: + disabled: + description: Disabled allows to disable locality-aware + load balancing. When disabled requests are distributed + across all endpoints regardless of locality. + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshproxypatches.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshproxypatches.yaml new file mode 100644 index 000000000..c6a223035 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshproxypatches.yaml 
@@ -0,0 +1,503 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshproxypatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshProxyPatch + listKind: MeshProxyPatchList + plural: meshproxypatches + singular: meshproxypatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshProxyPatch resource. + properties: + default: + description: Default is a configuration specific to the group of destinations + referenced in 'targetRef'. + properties: + appendModifications: + description: AppendModifications is a list of modifications applied + on the selected proxy. + items: + properties: + cluster: + description: Cluster is a modification of Envoy's Cluster + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's Cluster resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. 
+ enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the cluster to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched cluster. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + httpFilter: + description: HTTPFilter is a modification of Envoy HTTP + Filter available in HTTP Connection Manager in a Listener + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's HTTP Filter available in HTTP + Connection Manager in a Listener resource. 
+ items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the HTTP filter. For example + "envoy.filters.http.local_ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. 
+ enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + listener: + description: Listener is a modification of Envoy's Listener + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's Listener resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the listener to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. 
For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + tags: + additionalProperties: + type: string + description: Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + networkFilter: + description: NetworkFilter is a modification of Envoy Listener's + filter. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy Listener's filter. + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the network filter. For example + "envoy.filters.network.ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. 
\n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + virtualHost: + description: VirtualHost is a modification of Envoy's VirtualHost + referenced in HTTP Connection Manager in a Listener resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's VirtualHost resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. 
+ x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + routeConfigurationName: + description: Name of the RouteConfiguration resource + to match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + required: + - appendModifications + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - default + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshratelimits.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshratelimits.yaml new file mode 100644 index 000000000..84c03219e --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshratelimits.yaml 
@@ -0,0 +1,226 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRateLimit + listKind: MeshRateLimitList + plural: meshratelimits + singular: meshratelimit + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + local: + description: LocalConf defines local http or/and tcp rate + limit configuration + properties: + http: + description: LocalHTTP defines confguration of local + HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. 
+ type: boolean + onRateLimit: + description: Describes the actions to take on a + rate limit event + properties: + headers: + description: The Headers to be added to the + HTTP response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: The HTTP status code to be set + on a rate limit event + format: int32 + type: integer + type: object + requestRate: + description: Defines how many requests are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: LocalTCP defines confguration of local + TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: Defines how many connections are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: 'Define if rate limiting should be + disabled. Default: false' + type: boolean + type: object + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true 
diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshretries.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshretries.yaml new file mode 100644 index 000000000..a136c8fa0 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshretries.yaml 
@@ -0,0 +1,396 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshretries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRetry + listKind: MeshRetryList + plural: meshretries + singular: meshretry + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + grpc: + description: GRPC defines a configuration of retries for + GRPC traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries. + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests. + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. + type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. 
If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [Canceled, + DeadlineExceeded, Internal, ResourceExhausted, Unavailable].' + items: + type: string + type: array + type: object + http: + description: HTTP defines a configuration of retries for + HTTP traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + hostSelection: + description: HostSelection is a list of predicates that + dictate how hosts should be selected when requests + are retried. + items: + properties: + predicate: + description: Type is requested predicate mode. + Available values are OmitPreviousHosts, OmitHostsWithTags, + and OmitPreviousPriorities. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of metadata to match + against for selecting the omitted hosts. 
Required + if Type is OmitHostsWithTags + type: object + updateFrequency: + description: UpdateFrequency is how often the + priority load should be updated based on previously + attempted priorities. Used for OmitPreviousPriorities. + Default is 2 if not set. + format: int32 + type: integer + required: + - predicate + type: object + type: array + hostSelectionMaxAttempts: + description: HostSelectionMaxAttempts is the maximum + number of times host selection will be reattempted + before giving up, at which point the host that was + last selected will be routed to. If unspecified, this + will default to retrying once. + format: int64 + type: integer + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. + type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. 
+ maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: RetriableRequestHeaders is an HTTP headers + which must be present in the request for retries to + be attempted. + items: + description: HeaderMatch describes how to select an + HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + retriableResponseHeaders: + description: RetriableResponseHeaders is an HTTP response + headers that trigger a retry if present in the response. + A retry will be triggered if any of the header matches + match the upstream response headers. + items: + description: HeaderMatch describes how to select an + HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. 
+ enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [5XX, GatewayError, + Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, + RefusedStream, Http3PostConnectFailure, HttpMethodConnect, + HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions, + HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + Also, any HTTP status code (500, 503, etc).' + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for + TCP traffic + properties: + maxConnectAttempt: + description: MaxConnectAttempt is a maximal amount of + TCP connection attempts which will be made before + giving up + format: int32 + type: integer + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true 
diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshtcproutes.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshtcproutes.yaml new file mode 100644 index 000000000..11b589189 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshtcproutes.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshtcproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTCPRoute + listKind: MeshTCPRouteList + plural: meshtcproutes + singular: meshtcproute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTCPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward + traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + minItems: 1 + type: array + required: + - backendRefs + type: object + required: + - default + type: object + maxItems: 1 + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + minItems: 1 + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshtimeouts.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshtimeouts.yaml new file mode 100644 index 000000000..c49cf77da --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshtimeouts.yaml 
@@ -0,0 +1,242 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshtimeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTimeout + listKind: MeshTimeoutList + plural: meshtimeouts + singular: meshtimeout + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. 
Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. 
+ type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshtraces.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshtraces.yaml new file mode 100644 index 000000000..c6561b212 --- /dev/null 
+++ b/app/assets/2.3.x/raw/crds/kuma.io_meshtraces.yaml 
@@ -0,0 +1,220 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshtraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrace + listKind: MeshTraceList + plural: meshtraces + singular: meshtrace + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrace resource. + properties: + default: + description: MeshTrace configuration. + properties: + backends: + description: A one element array of backend definition. Envoy + allows configuring only 1 backend, so the natural way of representing + that would be just one object. Unfortunately due to the reasons + explained in MADR 009-tracing-policy this has to be a one element + array for now. + items: + description: Only one of zipkin, datadog or openTelemetry can + be used. + properties: + datadog: + description: Datadog backend configuration. + properties: + splitService: + description: 'Determines if datadog service name should + be split based on traffic direction and destination. 
+ For example, with `splitService: true` and a `backend` + service that communicates with a couple of databases, + you would get service names like `backend_INBOUND`, + `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` + in Datadog. Default: false' + type: boolean + url: + description: Address of Datadog collector, only host + and port are allowed (no paths, fragments etc.) + type: string + required: + - url + type: object + openTelemetry: + description: OpenTelemetry backend configuration. + properties: + endpoint: + description: Address of OpenTelemetry collector. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + type: + enum: + - Zipkin + - Datadog + - OpenTelemetry + type: string + zipkin: + description: Zipkin backend configuration. + properties: + apiVersion: + default: httpJson + description: 'Version of the API. values: httpJson, + httpProto. Default: httpJson see https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66' + enum: + - httpJson + - httpProto + type: string + sharedSpanContext: + description: 'Determines whether client and server spans + will share the same span context. Default: true. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63' + type: boolean + traceId128bit: + description: 'Generate 128bit traces. Default: false' + type: boolean + url: + description: Address of Zipkin collector. + type: string + required: + - url + type: object + required: + - type + type: object + type: array + sampling: + description: Sampling configuration. Sampling is the process by + which a decision is made on whether to process/export a span + or not. + properties: + client: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests that will be force + traced if the ''x-client-trace-id'' header is set. 
Default: + 100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + overall: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests will be traced + after all other sampling checks have been applied (client, + force tracing, random sampling). This field functions as + an upper limit on the total configured sampling rate. For + instance, setting client_sampling to 100% but overall_sampling + to 1% will result in only 1% of client requests with the + appropriate headers to be force traced. Default: 100% Mirror + of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + random: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests that will be randomly + selected for trace generation, if not requested by the client + or not forced. Default: 100% Mirror of random_sampling in + Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + tags: + description: Custom tags configuration. You can add custom tags + to traces based on headers or literal values. + items: + description: Custom tags configuration. Only one of literal + or header can be used. + properties: + header: + description: Tag taken from a header. + properties: + default: + description: Default value to use if header is missing. + If the default is missing and there is no value the + tag will not be included. 
+ type: string + name: + description: Name of the header. + type: string + required: + - name + type: object + literal: + description: Tag taken from literal value. + type: string + name: + description: Name of the tag. + type: string + required: + - name + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_meshtrafficpermissions.yaml b/app/assets/2.3.x/raw/crds/kuma.io_meshtrafficpermissions.yaml new file mode 100644 index 000000000..83e1920c2 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_meshtrafficpermissions.yaml 
@@ -0,0 +1,124 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshtrafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrafficPermission + listKind: MeshTrafficPermissionList + plural: meshtrafficpermissions + singular: meshtrafficpermission + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrafficPermission + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + action: + description: 'Action defines a behavior for the specified + group of clients:' + enum: + - Allow + - Deny + - AllowWithShadowDeny + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_proxytemplates.yaml b/app/assets/2.3.x/raw/crds/kuma.io_proxytemplates.yaml new file mode 100644 index 000000000..6b05719d8 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_proxytemplates.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: proxytemplates.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ProxyTemplate + listKind: ProxyTemplateList + plural: proxytemplates + singular: proxytemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ProxyTemplate resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_ratelimits.yaml b/app/assets/2.3.x/raw/crds/kuma.io_ratelimits.yaml new file mode 100644 index 000000000..2bd6dcacd --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_ratelimits.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: ratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: RateLimit + listKind: RateLimitList + plural: ratelimits + singular: ratelimit + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma RateLimit resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_retries.yaml b/app/assets/2.3.x/raw/crds/kuma.io_retries.yaml new file mode 100644 index 000000000..01cb88902 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_retries.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: retries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Retry + listKind: RetryList + plural: retries + singular: retry + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Retry resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_serviceinsights.yaml b/app/assets/2.3.x/raw/crds/kuma.io_serviceinsights.yaml new file mode 100644 index 000000000..a85e134ce --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_serviceinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: serviceinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ServiceInsight + listKind: ServiceInsightList + plural: serviceinsights + singular: serviceinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ServiceInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_timeouts.yaml b/app/assets/2.3.x/raw/crds/kuma.io_timeouts.yaml new file mode 100644 index 000000000..a04dd9d6f --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_timeouts.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: timeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Timeout + listKind: TimeoutList + plural: timeouts + singular: timeout + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Timeout resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_trafficlogs.yaml b/app/assets/2.3.x/raw/crds/kuma.io_trafficlogs.yaml new file mode 100644 index 000000000..2e1b5e864 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_trafficlogs.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: trafficlogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficLog + listKind: TrafficLogList + plural: trafficlogs + singular: trafficlog + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficLog resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_trafficpermissions.yaml b/app/assets/2.3.x/raw/crds/kuma.io_trafficpermissions.yaml new file mode 100644 index 000000000..820cf2b13 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_trafficpermissions.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: trafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_trafficroutes.yaml b/app/assets/2.3.x/raw/crds/kuma.io_trafficroutes.yaml new file mode 100644 index 000000000..b2ce22ebf --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_trafficroutes.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: trafficroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficRoute + listKind: TrafficRouteList + plural: trafficroutes + singular: trafficroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_traffictraces.yaml b/app/assets/2.3.x/raw/crds/kuma.io_traffictraces.yaml new file mode 100644 index 000000000..24bedcbe9 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_traffictraces.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: traffictraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficTrace + listKind: TrafficTraceList + plural: traffictraces + singular: traffictrace + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficTrace resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_virtualoutbounds.yaml b/app/assets/2.3.x/raw/crds/kuma.io_virtualoutbounds.yaml new file mode 100644 index 000000000..19e7be87c --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_virtualoutbounds.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: virtualoutbounds.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: VirtualOutbound + listKind: VirtualOutboundList + plural: virtualoutbounds + singular: virtualoutbound + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma VirtualOutbound resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_zoneegresses.yaml b/app/assets/2.3.x/raw/crds/kuma.io_zoneegresses.yaml new file mode 100644 index 000000000..780d25682 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_zoneegresses.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: zoneegresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgress + listKind: ZoneEgressList + plural: zoneegresses + singular: zoneegress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_zoneegressinsights.yaml b/app/assets/2.3.x/raw/crds/kuma.io_zoneegressinsights.yaml new file mode 100644 index 000000000..e1221ab49 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_zoneegressinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: zoneegressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgressInsight + listKind: ZoneEgressInsightList + plural: zoneegressinsights + singular: zoneegressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgressInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_zoneingresses.yaml b/app/assets/2.3.x/raw/crds/kuma.io_zoneingresses.yaml new file mode 100644 index 000000000..c91cd56cb --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_zoneingresses.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: zoneingresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngress + listKind: ZoneIngressList + plural: zoneingresses + singular: zoneingress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_zoneingressinsights.yaml b/app/assets/2.3.x/raw/crds/kuma.io_zoneingressinsights.yaml new file mode 100644 index 000000000..72a3a304f --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_zoneingressinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: zoneingressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngressInsight + listKind: ZoneIngressInsightList + plural: zoneingressinsights + singular: zoneingressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngressInsight + resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_zoneinsights.yaml b/app/assets/2.3.x/raw/crds/kuma.io_zoneinsights.yaml new file mode 100644 index 000000000..92cf14ad6 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_zoneinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: zoneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneInsight + listKind: ZoneInsightList + plural: zoneinsights + singular: zoneinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/crds/kuma.io_zones.yaml b/app/assets/2.3.x/raw/crds/kuma.io_zones.yaml new file mode 100644 index 000000000..09cb5d9c5 --- /dev/null +++ b/app/assets/2.3.x/raw/crds/kuma.io_zones.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: zones.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Zone + listKind: ZoneList + plural: zones + singular: zone + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Zone resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.3.x/raw/helm-values.yaml b/app/assets/2.3.x/raw/helm-values.yaml new file mode 100644 index 000000000..722a16b9f --- /dev/null +++ b/app/assets/2.3.x/raw/helm-values.yaml 
@@ -0,0 +1,717 @@
+global:
+ image:
+ # -- Default registry for all Kuma Images
+ registry: "docker.io/kumahq"
+ # -- The default tag for all Kuma images, which itself defaults to .Chart.AppVersion
+ tag:
+ # -- Add `imagePullSecrets` to all the service accounts used for Kuma components
+ imagePullSecrets: []
+
+# -- Whether to patch the target namespace with the system label
+patchSystemNamespace: true
+
+installCrdsOnUpgrade:
+ # -- Whether install new CRDs before upgrade (if any were introduced with the new version of Kuma)
+ enabled: true
+ # -- The `imagePullSecrets` to attach to the Service Account running CRD installation.
+ # This field will be deprecated in a future release, please use .global.imagePullSecrets
+ imagePullSecrets: []
+
+# -- Whether to disable all helm hooks
+noHelmHooks: false
+
+controlPlane:
+ # -- Environment that control plane is run in, useful when running universal global control plane on k8s
+ environment: "kubernetes"
+
+ # -- Labels to add to resources in addition to default labels
+ extraLabels: {}
+
+ # -- Kuma CP log level: one of off,info,debug
+ logLevel: "info"
+
+ # -- Kuma CP log output path: Defaults to /dev/stdout
+ logOutputPath: ""
+
+ # -- Kuma CP modes: one of standalone,zone,global
+ mode: "standalone"
+
+ # -- (string) Kuma CP zone, if running multizone
+ zone:
+
+ # -- Only used in `zone` mode
+ kdsGlobalAddress: ""
+
+ # -- Number of replicas of the Kuma CP. Ignored when autoscaling is enabled
+ replicas: 1
+
+ # -- Control Plane Pod Annotations
+ podAnnotations: {}
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+
+ # -- Node selector for the Kuma Control Plane pods
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ # -- Tolerations for the Kuma Control Plane pods
+ tolerations: []
+
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Control Plane pods.
+ # This is rendered as a template, so you can reference other helm variables or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}-control-plane'
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Control Plane pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Failure policy of the mutating webhook implemented by the Kuma Injector component
+ injectorFailurePolicy: Fail
+
+ service:
+ apiServer:
+ http:
+ # -- Port on which Http api server Service is exposed on Node for service of type NodePort
+ nodePort: 30681
+ https:
+ # -- Port on which Https api server Service is exposed on Node for service of type NodePort
+ nodePort: 30682
+
+ # -- Whether to create a service resource.
+ enabled: true
+
+ # -- (string) Optionally override of the Kuma Control Plane Service's name
+ name:
+
+ # -- Service type of the Kuma Control Plane
+ type: ClusterIP
+
+ # -- Additional annotations to put on the Kuma Control Plane
+ annotations: { }
+
+ # Kuma API and GUI ingress settings. Useful if you want to expose the
+ # API and GUI of Kuma outside the k8s cluster.
+ ingress:
+ # -- Install K8s Ingress resource that exposes GUI and API
+ enabled: false
+ # -- IngressClass defines which controller will implement the resource
+ ingressClassName:
+ # -- Ingress hostname
+ hostname:
+ # -- Map of ingress annotations.
+ annotations: {}
+ # -- Ingress path.
+ path: /
+ # -- Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix)
+ pathType: ImplementationSpecific
+
+ globalZoneSyncService:
+ # -- Whether to create a k8s service for the global zone sync
+ # service. It will only be created when enabled and deploying the global
+ # control plane.
+ enabled: true
+ # -- Service type of the Global-zone sync
+ type: LoadBalancer
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Additional annotations to put on the Global Zone Sync Service
+ annotations: { }
+ # -- Port on which Global Zone Sync Service is exposed on Node for service of type NodePort
+ nodePort: 30685
+ # -- Port on which Global Zone Sync Service is exposed
+ port: 5685
+ # -- Protocol of the Global Zone Sync service port
+ protocol: grpc
+
+ defaults:
+ # -- Whether to skip creating the default Mesh
+ skipMeshCreation: false
+
+ # -- Whether to automountServiceAccountToken for cp. Optionally set to false
+ automountServiceAccountToken: true
+
+ # -- Optionally override the resource spec
+ resources:
+ requests:
+ cpu: 500m
+ memory: 256Mi
+ limits:
+ memory: 256Mi
+
+ # -- Pod lifecycle settings (useful for adding a preStop hook, when
+ # using AWS ALB or NLB)
+ lifecycle: {}
+
+ # -- Number of seconds to wait before force killing the pod. Make sure to
+ # update this if you add a preStop hook.
+ terminationGracePeriodSeconds: 30
+
+ # TLS for various servers
+ tls:
+ general:
+ # -- Secret that contains tls.crt, tls.key [and ca.crt when no
+ # controlPlane.tls.general.caSecretName specified] for protecting
+ # Kuma in-cluster communication
+ secretName: ""
+ # -- Secret that contains ca.crt that was used to sign cert for protecting
+ # Kuma in-cluster communication (ca.crt present in this secret
+ # have precedence over the one provided in the controlPlane.tls.general.secretName)
+ caSecretName: ""
+ # -- Base64 encoded CA certificate (the same as in controlPlane.tls.general.secret#ca.crt)
+ caBundle: ""
+ apiServer:
+ # -- Secret that contains tls.crt, tls.key for protecting Kuma API on HTTPS
+ secretName: ""
+ # -- Secret that contains list of .pem certificates that can access admin endpoints of Kuma API on HTTPS
+ clientCertsSecretName: ""
+ # - if not creating the global control plane, then do nothing
+ # - if secretName is empty and create is false, then do nothing
+ # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName
+ # - if secretName is empty and create is true, then create a secret with a default name and use it
+ # - if secretName is non-empty and create is true, then create the secret using the provided name
+ kdsGlobalServer:
+ # -- Name of the K8s TLS Secret resource. If you set this and don't set
+ # create=true, you have to create the secret manually.
+ secretName: ""
+ # -- Whether to create the TLS secret in helm.
+ create: false
+ # -- The TLS certificate to offer.
+ cert: ""
+ # -- The TLS key to use.
+ key: ""
+ # - if not creating the zonal control plane, then do nothing
+ # - if secretName is empty and create is false, then do nothing
+ # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName
+ # - if secretName is empty and create is true, then create a secret with a default name and use it
+ # - if secretName is non-empty and create is true, then create the secret using the provided name
+ kdsZoneClient:
+ # -- Name of the K8s Secret resource that contains ca.crt which was
+ # used to sign the certificate of KDS Global Server. If you set this
+ # and don't set create=true, you have to create the secret manually.
+ secretName: ""
+ # -- Whether to create the TLS secret in helm.
+ create: false
+ # -- CA bundle that was used to sign the certificate of KDS Global Server.
+ cert: ""
+ # -- If true, TLS cert of the server is not verified.
+ skipVerify: false
+
+ image:
+ # -- Kuma CP ImagePullPolicy
+ pullPolicy: IfNotPresent
+ # -- Kuma CP image repository
+ repository: "kuma-cp"
+ # -- Kuma CP Image tag. When not specified, the value is copied from global.tag
+ tag:
+
+ # -- (object with { Env: string, Secret: string, Key: string }) Secrets to add as environment variables,
+ # where `Env` is the name of the env variable,
+ # `Secret` is the name of the Secret,
+ # and `Key` is the key of the Secret value to use
+ secrets:
+ # someSecret:
+ # Secret: some-secret
+ # Key: secret_key
+ # Env: SOME_SECRET
+
+ # -- Additional environment variables that will be passed to the control plane
+ envVars: { }
+
+ # -- Additional config maps to mount into the control plane, with optional inline values
+ extraConfigMaps: [ ]
+# - name: extra-config
+# mountPath: /etc/extra-config
+# readOnly: true
+# values:
+# extra-config-key: |
+# extra-config-value
+
+ # -- (object with { name: string, mountPath: string, readOnly: string }) Additional secrets to mount into the control plane,
+ # where `Env` is the name of the env variable,
+ # `Secret` is the name of the Secret,
+ # and `Key` is the key of the Secret value to use
+ extraSecrets:
+ # extraConfig:
+ # name: extra-config
+ # mountPath: /etc/extra-config
+ # readOnly: true
+
+ webhooks:
+ validator:
+ # -- Additional rules to apply on Kuma validator webhook. Useful when building custom policy on top of Kuma.
+ additionalRules: ""
+ ownerReference:
+ # -- Additional rules to apply on Kuma owner reference webhook. Useful when building custom policy on top of Kuma.
+ additionalRules: ""
+
+ # -- Specifies if the deployment should be started in hostNetwork mode.
+ hostNetwork: false
+ # -- Define a new server port for the admission controller. Recommended to set in combination with
+ # hostNetwork to prevent multiple port bindings on the same port (like Calico in AWS EKS).
+ admissionServerPort: 5443
+
+ # -- Security context at the pod level for control plane.
+ podSecurityContext:
+ runAsNonRoot: true
+
+ # -- Security context at the container level for control plane.
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+cni:
+ # -- Install Kuma with CNI instead of proxy init container
+ enabled: false
+ # -- Install CNI in chained mode
+ chained: false
+ # -- Set the CNI install directory
+ netDir: /etc/cni/multus/net.d
+ # -- Set the CNI bin directory
+ binDir: /var/lib/cni/bin
+ # -- Set the CNI configuration name
+ confName: kuma-cni.conf
+ # -- CNI log level: one of off,info,debug
+ logLevel: info
+ # -- Node Selector for the CNI pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the CNI pods
+ tolerations: []
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Set the CNI namespace
+ namespace: kube-system
+
+ image:
+ # -- CNI image repository
+ repository: "kuma-cni"
+ # -- CNI image tag - defaults to .Chart.AppVersion
+ tag:
+ # -- CNI image pull policy
+ imagePullPolicy: IfNotPresent
+
+ # -- it's only useful in tests to trigger a possible race condition
+ delayStartupSeconds: 0
+
+ # -- use new CNI (experimental)
+ experimental:
+ imageEbpf:
+ # -- CNI experimental eBPF image registry
+ registry: "docker.io/kumahq"
+ # -- CNI experimental eBPF image repository
+ repository: "merbridge"
+ # -- CNI experimental eBPF image tag
+ tag: "0.8.5"
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ memory: 100Mi
+
+ # -- Security context at the pod level for cni
+ podSecurityContext: {}
+
+ # -- Security context at the container level for cni
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ runAsUser: 0
+ runAsGroup: 0
+
+dataPlane:
+ image:
+ # -- The Kuma DP image repository
+ repository: "kuma-dp"
+ # -- Kuma DP ImagePullPolicy
+ pullPolicy: IfNotPresent
+ # -- Kuma DP Image Tag. When not specified, the value is copied from global.tag
+ tag:
+
+ initImage:
+ # -- The Kuma DP init image repository
+ repository: "kuma-init"
+ # -- Kuma DP init image tag When not specified, the value is copied from global.tag
+ tag:
+
+ingress:
+ # -- If true, it deploys Ingress for cross cluster communication
+ enabled: false
+
+ # -- Labels to add to resources, in addition to default labels
+ extraLabels: {}
+
+ # -- Time for which old listener will still be active as draining
+ drainTime: 30s
+
+ # -- Number of replicas of the Ingress. Ignored when autoscaling is enabled.
+ replicas: 1
+
+ # -- Define the resources to allocate to mesh ingress
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+
+ # -- Pod lifecycle settings (useful for adding a preStop hook, when
+ # using AWS ALB or NLB)
+ lifecycle: {}
+
+ # -- Number of seconds to wait before force killing the pod. Make sure to
+ # update this if you add a preStop hook.
+ terminationGracePeriodSeconds: 40
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+
+ service:
+ # -- Whether to create a Service resource.
+ enabled: true
+ # -- Service type of the Ingress
+ type: LoadBalancer
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Additional annotations to put on the Ingress service
+ annotations: { }
+ # -- Port on which Ingress is exposed
+ port: 10001
+ # -- Port on which service is exposed on Node for service of type NodePort
+ nodePort:
+ # -- Additional pod annotations (deprecated favor `podAnnotations`)
+ annotations: { }
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Node Selector for the Ingress pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the Ingress pods
+ tolerations: []
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Ingress pods
+ # This is rendered as a template, so you can reference other helm variables
+ # or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - kuma-ingress
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Mesh Ingress pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Security context at the pod level for ingress
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 5678
+ runAsGroup: 5678
+
+ # -- Security context at the container level for ingress
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+egress:
+ # -- If true, it deploys Egress for cross cluster communication
+ enabled: false
+ # -- Labels to add to resources, in addition to the default labels.
+ extraLabels: {}
+ # -- Time for which old listener will still be active as draining
+ drainTime: 30s
+ # -- Number of replicas of the Egress. Ignored when autoscaling is enabled.
+ replicas: 1
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+
+ service:
+ # -- Whether to create the service object
+ enabled: true
+ # -- Service type of the Egress
+ type: ClusterIP
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Additional annotations to put on the Egress service
+ annotations: { }
+ # -- Port on which Egress is exposed
+ port: 10002
+ # -- Port on which service is exposed on Node for service of type NodePort
+ nodePort:
+ # -- Additional pod annotations (deprecated favor `podAnnotations`)
+ annotations: { }
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Node Selector for the Egress pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the Egress pods
+ tolerations: []
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Egress pods.
+ # This is rendered as a template, so you can reference other helm variables or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - kuma-egress
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Egress pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Security context at the pod level for egress
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 5678
+ runAsGroup: 5678
+
+ # -- Security context at the container level for egress
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+kumactl:
+ image:
+ # -- The kumactl image repository
+ repository: kumactl
+ # -- The kumactl image tag. When not specified, the value is copied from global.tag
+ tag:
+
+kubectl:
+ # kuma image that support v1.20.15 image */ } }
+ # see: https://hub.docker.com/r/kumahq/kubectl */ } }
+ image:
+ # -- The kubectl image registry
+ registry: kumahq
+ # -- The kubectl image repository
+ repository: kubectl
+ # -- The kubectl image tag
+ tag: "v1.20.15"
+hooks:
+ # -- Node selector for the HELM hooks
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the HELM hooks
+ tolerations: []
+ # -- Security context at the pod level for crd/webhook/ns
+ podSecurityContext:
+ runAsNonRoot: true
+
+ # -- Security context at the container level for crd/webhook/ns
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+ # -- ebpf-cleanup hook needs write access to the root filesystem to clean ebpf programs
+ # Changing below values will potentially break ebpf cleanup completely,
+ # so be cautious when doing so.
+ ebpfCleanup:
+ # -- Security context at the pod level for crd/webhook/cleanup-ebpf
+ podSecurityContext:
+ runAsNonRoot: false
+ # -- Security context at the container level for crd/webhook/cleanup-ebpf
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+
+experimental:
+ # -- If true, it installs experimental Gateway API support
+ gatewayAPI: false
+ # Configuration for the experimental ebpf mode for transparent proxy
+ ebpf:
+ # -- If true, ebpf will be used instead of using iptables to install/configure transparent proxy
+ enabled: false
+ # -- Name of the environmental variable which will contain the IP address of a pod
+ instanceIPEnvVarName: INSTANCE_IP
+ # -- Path where BPF file system should be mounted
+ bpffsPath: /sys/fs/bpf
+ # -- Host's cgroup2 path
+ cgroupPath: /sys/fs/cgroup
+ # -- Name of the network interface which TC programs should be attached to, we'll try to automatically determine it if empty
+ tcAttachIface: ""
+ # -- Path where compiled eBPF programs which will be installed can be found
+ programsSourcePath: /kuma/ebpf
+ # -- If true, it uses new API for resource synchronization
+ deltaKds: false
+
+legacy:
+ # -- If true, use the legacy transparent proxy engine
+ transparentProxy: false
+ cni:
+ # -- If true, it installs legacy version of the CNI
+ enabled: false
+ image:
+ # -- CNI v1 image registry
+ registry: "docker.io/kumahq"
+ # -- CNI v1 image repository
+ repository: "install-cni"
+ # -- CNI v1 image tag
+ tag: "0.0.10"
+
+# Postgres' settings for universal control plane on k8s
+postgres:
+ # -- Postgres port, password should be provided as a secret reference in "controlPlane.secrets"
+ # with the Env value "KUMA_STORE_POSTGRES_PASSWORD".
+ # Example:
+ # controlPlane:
+ # secrets:
+ # - Secret: postgres-postgresql
+ # Key: postgresql-password
+ # Env: KUMA_STORE_POSTGRES_PASSWORD
+ port: "5432"
+ # TLS settings
+ tls:
+ # -- Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull"
+ mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE
+ # -- Whether to disable SNI the postgres `sslsni` option.
+ disableSSLSNI: false # ENV: KUMA_STORE_POSTGRES_TLS_DISABLE_SSLSNI
+ # -- Secret name that contains the ca.crt
+ caSecretName:
+ # -- Secret name that contains the client tls.crt, tls.key
+ secretName:
+
+# @ignored for helm-docs
+plugins:
+ policies:
+ meshaccesslogs: {}
+ meshcircuitbreakers: {}
+ meshfaultinjections: {}
+ meshhealthchecks: {}
+ meshhttproutes: {}
+ meshloadbalancingstrategies: {}
+ meshproxypatches: {}
+ meshratelimits: {}
+ meshretries: {}
+ meshtcproutes: {}
+ meshtimeouts: {}
+ meshtraces: {}
+ meshtrafficpermissions: {}
diff --git a/app/assets/2.3.x/raw/kuma-cp.yaml b/app/assets/2.3.x/raw/kuma-cp.yaml
new file mode 100644
index 000000000..35915f7a7
--- /dev/null
+++ b/app/assets/2.3.x/raw/kuma-cp.yaml
@@ -0,0 +1,694 @@ +# Environment type. Available values are: "kubernetes" or "universal" +environment: universal # ENV: KUMA_ENVIRONMENT +# Mode in which Kuma CP is running. Available values are: "standalone", "global", "zone" +mode: standalone # ENV: KUMA_MODE + +# Resource Store configuration +store: + # Type of Store used in the Control Plane. Available values are: "kubernetes", "postgres" or "memory" + type: memory # ENV: KUMA_STORE_TYPE + + # Kubernetes Store configuration (used when store.type=kubernetes) + kubernetes: + # Namespace where Control Plane is installed to. + systemNamespace: kuma-system # ENV: KUMA_STORE_KUBERNETES_SYSTEM_NAMESPACE + + # Postgres Store configuration (used when store.type=postgres) + postgres: + # Host of the Postgres DB + host: 127.0.0.1 # ENV: KUMA_STORE_POSTGRES_HOST + # Port of the Postgres DB + port: 15432 # ENV: KUMA_STORE_POSTGRES_PORT + # User of the Postgres DB + user: kuma # ENV: KUMA_STORE_POSTGRES_USER + # Password of the Postgres DB + password: kuma # ENV: KUMA_STORE_POSTGRES_PASSWORD + # Database name of the Postgres DB + dbName: kuma # ENV: KUMA_STORE_POSTGRES_DB_NAME + # Driver to use, one of: pgx, postgres + driverName: pgx # ENV: KUMA_STORE_POSTGRES_DRIVER_NAME + # Connection Timeout to the DB in seconds + connectionTimeout: 5 # ENV: KUMA_STORE_POSTGRES_CONNECTION_TIMEOUT + # MaxConnectionLifetime (applied only when driverName=pgx) is the duration since creation after which a connection will be automatically closed + maxConnectionLifetime: "1h" # ENV: KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME + # MaxConnectionLifetimeJitter (applied only when driverName=pgx) is the duration after maxConnectionLifetime to randomly decide to close a connection. + # This helps prevent all connections from being closed at the exact same time, starving the pool. 
+ maxConnectionLifetimeJitter: "1m" # ENV: KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME_JITTER + # HealthCheckInterval (applied only when driverName=pgx) is the duration between checks of the health of idle connections. + healthCheckInterval: "30s" # ENV: KUMA_STORE_POSTGRES_HEALTH_CHECK_INTERVAL + # MinOpenConnections (applied only when driverName=pgx) is the minimum number of open connections to the database + minOpenConnections: 0 # ENV: KUMA_STORE_POSTGRES_MIN_OPEN_CONNECTIONS + # MaxOpenConnections is the maximum number of open connections to the database + # `0` value means number of open connections is unlimited + maxOpenConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_OPEN_CONNECTIONS + # MaxIdleConnections (applied only when driverName=postgres) is the maximum number of connections in the idle connection pool + # <0 value means no idle connections and 0 means default max idle connections + maxIdleConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_IDLE_CONNECTIONS + # TLS settings + tls: + # Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull" + mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE + # Path to TLS Certificate of the client. Required when server has METHOD=cert + certPath: # ENV: KUMA_STORE_POSTGRES_TLS_CERT_PATH + # Path to TLS Key of the client. Required when server has METHOD=cert + keyPath: # ENV: KUMA_STORE_POSTGRES_TLS_KEY_PATH + # Path to the root certificate. Used in verifyCa and verifyFull modes. + caPath: # ENV: KUMA_STORE_POSTGRES_TLS_ROOT_CERT_PATH + # MinReconnectInterval (applied only when driverName=postgres) controls the duration to wait before trying to + # re-establish the database connection after connection loss. After each + # consecutive failure this interval is doubled, until MaxReconnectInterval + # is reached. Successfully completing the connection establishment procedure + # resets the interval back to MinReconnectInterval. 
+ minReconnectInterval: "10s" # ENV: KUMA_STORE_POSTGRES_MIN_RECONNECT_INTERVAL + # MaxReconnectInterval (applied only when driverName=postgres) controls the maximum possible duration to wait before trying + # to re-establish the database connection after connection loss. + maxReconnectInterval: "60s" # ENV: KUMA_STORE_POSTGRES_MAX_RECONNECT_INTERVAL + + # Cache for read only operations. This cache is local to the instance of the control plane. + cache: + # If true then cache is enabled + enabled: true # ENV: KUMA_STORE_CACHE_ENABLED + # Expiration time for elements in cache. + expirationTime: 1s # ENV: KUMA_STORE_CACHE_EXPIRATION_TIME + + # Upsert (get and update) configuration + upsert: + # Base time for exponential backoff on upsert operations when retry is enabled + conflictRetryBaseBackoff: 100ms # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_BASE_BACKOFF + # Max retries on upsert (get and update) operation when retry is enabled + conflictRetryMaxTimes: 5 # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_MAX_TIMES + + # If true, skips validation of resource delete. + # For example you don't have to delete all Dataplane objects before you delete a Mesh + unsafeDelete: false # ENV: KUMA_STORE_UNSAFE_DELETE + +# Configuration of Bootstrap Server, which provides bootstrap config to Dataplanes +bootstrapServer: + # Parameters of bootstrap configuration + params: + # Address of Envoy Admin + adminAddress: 127.0.0.1 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ADDRESS + # Port of Envoy Admin + adminPort: 9901 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT + # Path to access log file of Envoy Admin + adminAccessLogPath: /dev/null # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ACCESS_LOG_PATH + # Host of XDS Server. By default it is the same host as the one used by kuma-dp to connect to the control plane + xdsHost: "" # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_HOST + # Port of XDS Server. 
By default it is autoconfigured from KUMA_DP_SERVER_PORT + xdsPort: 0 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_PORT + # Connection timeout to the XDS Server + xdsConnectTimeout: 1s # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_CONNECT_TIMEOUT + +# Monitoring Assignment Discovery Service (MADS) server configuration +monitoringAssignmentServer: + # Port of a gRPC server that serves Monitoring Assignment Discovery Service (MADS). + port: 5676 # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_PORT + # Which MADS API versions to serve + apiVersions: ["v1"] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_API_VERSIONS + # Interval for re-generating monitoring assignments for clients connected to the Control Plane. + assignmentRefreshInterval: 1s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_ASSIGNMENT_REFRESH_INTERVAL + # The default timeout for a single fetch-based discovery request, if not specified + defaultFetchTimeout: 30s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_DEFAULT_FETCH_TIMEOUT + # Path to TLS certificate file + tlsCertFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CERT_FILE + # Path to TLS key file + tlsKeyFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_KEY_FILE + # TlsMinVersion the minimum version of TLS used across all the Kuma Servers. + tlsMinVersion: "TLSv1_2" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MIN_VERSION + # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers. + tlsMaxVersion: # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MAX_VERSION + # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers. 
+ tlsCipherSuites: [] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CIPHER_SUITES + +# Envoy XDS server configuration +xdsServer: + # Interval for re-genarting configuration for Dataplanes connected to the Control Plane + dataplaneConfigurationRefreshInterval: 1s # ENV: KUMA_XDS_SERVER_DATAPLANE_CONFIGURATION_REFRESH_INTERVAL + # Interval for flushing status of Dataplanes connected to the Control Plane + dataplaneStatusFlushInterval: 10s # ENV: KUMA_XDS_SERVER_DATAPLANE_STATUS_FLUSH_INTERVAL + # Backoff that is executed when Control Plane is sending the response that was previously rejected by Dataplane + nackBackoff: 5s # ENV: KUMA_XDS_SERVER_NACK_BACKOFF + # A delay between proxy terminating a connection and the CP trying to deregister the proxy. + # It is used only in universal mode when you use direct lifecycle. + # Setting this setting to 0s disables the delay. + # Disabling this may cause race conditions that one instance of CP removes proxy object + # while proxy is connected to another instance of the CP. + dataplaneDeregistrationDelay: 10s # ENV: KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY + +# API Server configuration +apiServer: + # HTTP configuration of the API Server + http: + # If true then API Server will be served on HTTP + enabled: true # ENV: KUMA_API_SERVER_HTTP_ENABLED + # Network interface on which HTTP API Server will be exposed + interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTP_INTERFACE + # Port of the API Server + port: 5681 # ENV: KUMA_API_SERVER_HTTP_PORT + # HTTPS configuration of the API Server + https: + # If true then API Server will be served on HTTPS + enabled: true # ENV: KUMA_API_SERVER_HTTPS_ENABLED + # Network interface on which HTTPS API Server will be exposed + interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTPS_INTERFACE + # Port of the HTTPS API Server + port: 5682 # ENV: KUMA_API_SERVER_HTTPS_PORT + # Path to TLS certificate file. 
Autoconfigured from KUMA_GENERAL_TLS_CERT_FILE if empty + tlsCertFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_CERT_FILE + # Path to TLS key file. Autoconfigured from KUMA_GENERAL_TLS_KEY_FILE if empty + tlsKeyFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_KEY_FILE + # Path to the CA certificate which is used to sign client certificates. It is used only for verifying client certificates. + tlsCaFile: "" # ENV: KUMA_API_SERVER_HTTPS_CLIENT_CERTS_CA_FILE + # TlsMinVersion the minimum version of TLS used across all the Kuma Servers. + tlsMinVersion: "TLSv1_2" # ENV: KUMA_API_SERVER_HTTPS_TLS_MIN_VERSION + # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers. + tlsMaxVersion: # ENV: KUMA_API_SERVER_HTTPS_TLS_MAX_VERSION + # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers. + tlsCipherSuites: [] # ENV: KUMA_API_SERVER_HTTPS_TLS_CIPHER_SUITES + # If true, then HTTPS connection will require client cert. + requireClientCert: false # ENV: KUMA_API_SERVER_HTTPS_REQUIRE_CLIENT_CERT + # Authentication configuration for administrative endpoints like Dataplane Token or managing Secrets + auth: + # Directory of authorized client certificates (only validate in HTTPS) + clientCertsDir: "" # ENV: KUMA_API_SERVER_AUTH_CLIENT_CERTS_DIR + # Api Server Authentication configuration + authn: + # Type of authentication mechanism (available values: "adminClientCerts", "tokens") + type: tokens # ENV: KUMA_API_SERVER_AUTHN_TYPE + # Localhost is authenticated as a user admin of group admin + localhostIsAdmin: true # ENV: KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN + # Configuration for tokens authentication + tokens: + # If true then User Token with name admin and group admin will be created and placed as admin-user-token Kuma secret + bootstrapAdminToken: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_BOOTSTRAP_ADMIN_TOKEN + # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline. 
+ enableIssuer: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_ENABLE_ISSUER + # Token validator configuration + validator: + # If true then Kuma secrets with prefix "user-token-signing-key" are considered as signing keys. + useSecrets: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_VALIDATOR_USE_SECRETS + # List of public keys used to validate the token. Example: + # - kid: 1 + # key: | + # -----BEGIN RSA PUBLIC KEY----- + # MIIBCgKCAQEAq.... + # -----END RSA PUBLIC KEY----- + # - kid: 2 + # keyFile: /keys/public.pem + publicKeys: [] + + # If true, then API Server will operate in read only mode (serving GET requests) + readOnly: false # ENV: KUMA_API_SERVER_READ_ONLY + # Allowed domains for Cross-Origin Resource Sharing. The value can be either domain or regexp + corsAllowedDomains: + - ".*" # ENV: KUMA_API_SERVER_CORS_ALLOWED_DOMAINS + # Can be used if you use a reverse proxy + rootUrl: "" # ENV: KUMA_API_SERVER_ROOT_URL + # The path to serve the API from + basePath: "/" # ENV: KUMA_API_SERVER_BASE_PATH + # configuration specific to the GUI + gui: + # Whether to serve the gui (if mode=zone this has no effect) + enabled: true # ENV: KUMA_API_SERVER_GUI_ENABLED + # Can be used if you use a reverse proxy or want to serve the gui from a different path + rootUrl: "" # ENV: KUMA_API_SERVER_GUI_ROOT_URL + # The path to serve the GUI from + basePath: "/gui" # ENV: KUMA_API_SERVER_GUI_BASE_PATH + +# Environment-specific configuration +runtime: + # Kubernetes-specific configuration + kubernetes: + # Service name of the Kuma Control Plane. It is used to point Kuma DP to proper URL. + controlPlaneServiceName: kuma-control-plane # ENV: KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME + # Name of Service Account that is used to run the Control Plane + serviceAccountName: "system:serviceaccount:kuma-system:kuma-control-plane" # ENV: KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME + # Taint controller that prevents applications from scheduling until CNI is ready. 
+ nodeTaintController: + # If true enables the taint controller. + enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED + # Value of app label on CNI pod that indicates if node can be ready. + cniApp: "" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP + # Value of CNI namespace. + cniNamespace: "kube-system" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_NAMESPACE + # Admission WebHook Server configuration + admissionServer: + # Address the Admission WebHook Server should be listening on + address: # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_ADDRESS + # Port the Admission WebHook Server should be listening on + port: 5443 # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_PORT + # Directory with a TLS cert and private key for the Admission WebHook Server. + # TLS certificate file must be named `tls.crt`. + # TLS key file must be named `tls.key`. + certDir: # ENV: kuma_runtime_kubernetes_admission_server_cert_dir + # Injector defines configuration of a Kuma Sidecar Injector. + injector: + # if true runs kuma-cp in CNI compatible mode + cniEnabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CNI_ENABLED + # list of exceptions for Kuma injection + exceptions: + # a map of labels for exception. If pod matches label with given value Kuma won't be injected. Specify '*' to match any value. + labels: + openshift.io/build.name: "*" + openshift.io/deployer-pod-for.name: "*" + # VirtualProbesEnabled enables automatic converting HttpGet probes to virtual. 
Virtual probe + # serves on sub-path of insecure port 'virtualProbesPort', + # i.e :8080/health/readiness -> :9000/8080/health/readiness where 9000 is virtualProbesPort + virtualProbesEnabled: true # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_ENABLED + # VirtualProbesPort is a port for exposing virtual probes which are not secured by mTLS + virtualProbesPort: 9000 # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_PORT + # CaCertFile is CA certificate which will be used to verify a connection to the control plane. + caCertFile: # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CA_CERT_FILE + # SidecarContainer defines configuration of the Kuma sidecar container. + sidecarContainer: + # Image name. + image: kuma/kuma-dp:latest # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_IMAGE + # Redirect port for inbound traffic. + redirectPortInbound: 15006 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND + # Redirect port for inbound traffic. + redirectPortInboundV6: 15010 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND_V6 + # Redirect port for outbound traffic. + redirectPortOutbound: 15001 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_OUTBOUND + # User ID. + uid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_UID + # Group ID. + gid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_GUI + # Drain time for listeners. + drainTime: 30s # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_DRAIN_TIME + # Readiness probe. + readinessProbe: + # Number of seconds after the container has started before readiness probes are initiated. + initialDelaySeconds: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_INITIAL_DELAY_SECONDS + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 # ENV : KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_TIMEOUT_SECONDS + # Number of seconds after which the probe times out. + periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_PERIOD_SECONDS + # Minimum consecutive successes for the probe to be considered successful after having failed. + successThreshold: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_SUCCESS_THRESHOLD + # Minimum consecutive failures for the probe to be considered failed after having succeeded. + failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_FAILURE_THRESHOLD + # Liveness probe. + livenessProbe: + # Number of seconds after the container has started before liveness probes are initiated. + initialDelaySeconds: 60 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_INITIAL_DELAY_SECONDS + # Number of seconds after which the probe times out. + timeoutSeconds: 3 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_TIMEOUT_SECONDS + # How often (in seconds) to perform the probe. + periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_PERIOD_SECONDS + # Minimum consecutive failures for the probe to be considered failed after having succeeded. + failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_FAILURE_THRESHOLD + # Compute resource requirements. + resources: + # Minimum amount of compute resources required. + requests: + # CPU, in cores. (500m = .5 cores) + cpu: 50m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_CPU + # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + memory: 64Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_MEMORY + # Maximum amount of compute resources allowed. + limits: + # CPU, in cores. 
(500m = .5 cores) + cpu: 1000m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_CPU + # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + memory: 512Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_MEMORY + # Additional environment variables that can be placed on Kuma DP sidecar + envVars: {} # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ENV_VARS + # InitContainer defines configuration of the Kuma init container + initContainer: + # Image name. + image: kuma/kuma-init:latest # ENV: KUMA_INJECTOR_INIT_CONTAINER_IMAGE + # ContainerPatches is an optional list of ContainerPatch names which will be applied + # to init and sidecar containers if workload is not annotated with a patch list. + containerPatches: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CONTAINER_PATCHES + # Configuration for a traffic that is intercepted by sidecar + sidecarTraffic: + # List of inbound ports that will be excluded from interception. + # This setting is applied on every pod unless traffic.kuma.io/exclude-inbound-ports annotation is specified on Pod. + excludeInboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_INBOUND_PORTS + # List of outbound ports that will be excluded from interception. + # This setting is applied on every pod unless traffic.kuma.io/exclude-oubound-ports annotation is specified on Pod. 
+ excludeOutboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_OUTBOUND_PORTS + builtinDNS: + # Use the built-in DNS + enabled: true # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_ENABLED + # Redirect port for DNS + port: 15053 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_PORT + transparentProxyV1: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_TRANSPARENT_PROXY_V1 + # EBPF defines configuration for the ebpf, when transparent proxy is marked to be + # installed using ebpf instead of iptables + ebpf: + # Install transparent proxy using ebpf + enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_ENABLED + # Name of the environmental variable which will include IP address of the pod + instanceIPEnvVarName: INSTANCE_IP # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_INSTANCE_IP_ENV_VAR_NAME + # Path where BPF file system will be mounted for pinning ebpf programs and maps + bpffsPath: /sys/fs/bpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_BPFFS_PATH + # Path of mounted cgroup2 + cgroupPath: /sys/fs/cgroup # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_CGROUP_PATH + # Name of the network interface which should be used to attach to it TC programs + # when not specified, we will try to automatically determine it + tcAttachIface: "" # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_TC_ATTACH_IFACE + # Path where compiled eBPF programs are placed + programsSourcePath: /kuma/ebpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_PROGRAMS_SOURCE_PATH + marshalingCacheExpirationTime: 5m # ENV: KUMA_RUNTIME_KUBERNETES_MARSHALING_CACHE_EXPIRATION_TIME + # Kubernetes's resources reconciliation concurrency configuration + controllersConcurrency: + # PodController defines maximum concurrent reconciliations of Pod resources + # Default value 10. If set to 0 kube controller-runtime default value of 1 will be used. 
+ podController: 10 # ENV: KUMA_RUNTIME_KUBERNETES_CONTROLLERS_CONCURRENCY_POD_CONTROLLER + # Kubernetes client configuration + clientConfig: + # Qps defines maximum requests kubernetes client is allowed to make per second. + # Default value 100. If set to 0 kube-client default value of 5 will be used. + qps: 100 + # BurstQps defines maximum burst requests kubernetes client is allowed to make per second + # Default value 100. If set to 0 kube-client default value of 10 will be used. + burstQps: 100 + # Universal-specific configuration + universal: + # DataplaneCleanupAge defines how long Dataplane should be offline to be cleaned up by GC + dataplaneCleanupAge: 72h0m0s # ENV: KUMA_RUNTIME_UNIVERSAL_DATAPLANE_CLEANUP_AGE + +# Default Kuma entities configuration +defaults: + # If true, it skips creating the default Mesh + skipMeshCreation: false # ENV: KUMA_DEFAULTS_SKIP_MESH_CREATION + # If true, it skips creating the default tenant resources + skipTenantResources: false # ENV: KUMA_DEFAULTS_SKIP_TENANT_RESOURCES + +# Metrics configuration +metrics: + dataplane: + # How many latest subscriptions will be stored in DataplaneInsight object, if equals 0 then unlimited + subscriptionLimit: 2 # ENV: KUMA_METRICS_DATAPLANE_SUBSCRIPTION_LIMIT + # How long data plane proxy can stay Online without active xDS connection + idleTimeout: 5m # ENV: KUMA_METRICS_DATAPLANE_IDLE_TIMEOUT + zone: + # How many latest subscriptions will be stored in ZoneInsights object, if equals 0 then unlimited + subscriptionLimit: 10 # ENV: KUMA_METRICS_ZONE_SUBSCRIPTION_LIMIT + # How long zone can stay Online without active KDS connection + idleTimeout: 5m # ENV: KUMA_METRICS_ZONE_IDLE_TIMEOUT + mesh: + # Min time that should pass between MeshInsight resync + minResyncTimeout: 1s # ENV: KUMA_METRICS_MESH_MIN_RESYNC_TIMEOUT + # Max time that MeshInsight could spend without resync + maxResyncTimeout: 20s # ENV: KUMA_METRICS_MESH_MAX_RESYNC_TIMEOUT + +# Reports configuration +reports: + # If true then 
usage stats will be reported + enabled: false # ENV: KUMA_REPORTS_ENABLED + +# General configuration +general: + # dnsCacheTTL represents duration for how long Kuma CP will cache result of resolving dataplane's domain name + dnsCacheTTL: 10s # ENV: KUMA_GENERAL_DNS_CACHE_TTL + # TlsCertFile defines a path to a file with PEM-encoded TLS cert that will be used across all the Kuma Servers. + tlsCertFile: # ENV: KUMA_GENERAL_TLS_CERT_FILE + # TlsKeyFile defines a path to a file with PEM-encoded TLS key that will be used across all the Kuma Servers. + tlsKeyFile: # ENV: KUMA_GENERAL_TLS_KEY_FILE + # TlsMinVersion the minimum version of TLS used across all the Kuma Servers. + tlsMinVersion: "TLSv1_2" # ENV: KUMA_GENERAL_TLS_MIN_VERSION + # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers. + tlsMaxVersion: # ENV: KUMA_GENERAL_TLS_MAX_VERSION + # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers. + tlsCipherSuites: [] # ENV: KUMA_GENERAL_TLS_CIPHER_SUITES + # WorkDir defines a path to the working directory + # Kuma stores in this directory autogenerated entities like certificates. + # If empty then the working directory is $HOME/.kuma + workDir: "" # ENV: KUMA_GENERAL_WORK_DIR + +# DNS Server configuration +dnsServer: + # The domain that the server will resolve the services for + domain: "mesh" # ENV: KUMA_DNS_SERVER_DOMAIN + # The CIDR range used to allocate + CIDR: "240.0.0.0/4" # ENV: KUMA_DNS_SERVER_CIDR + # Will create a service ".mesh" dns entry for every service. + serviceVipEnabled: true # ENV: KUMA_DNS_SERVER_SERVICE_VIP_ENABLED + # The port to use along with the `.mesh` dns entry + serviceVipPort: 80 # ENV: KUMA_DNS_SERVICE_SERVICE_VIP_PORT + +# Multizone mode +multizone: + global: + kds: + # Port of a gRPC server that serves Kuma Discovery Service (KDS). 
+ grpcPort: 5685 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_GRPC_PORT + # Interval for refreshing state of the world + refreshInterval: 1s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_REFRESH_INTERVAL + # Interval for flushing Zone Insights (stats of multi-zone communication) + zoneInsightFlushInterval: 10s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_ZONE_INSIGHT_FLUSH_INTERVAL + # TlsEnabled turns on TLS for KDS + tlsEnabled: true # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_ENABLED + # TlsCertFile defines a path to a file with PEM-encoded TLS cert. + tlsCertFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CERT_FILE + # TlsKeyFile defines a path to a file with PEM-encoded TLS key. + tlsKeyFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_KEY_FILE + # TlsMinVersion the minimum version of TLS + tlsMinVersion: "TLSv1_2" # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MIN_VERSION + # TlsMaxVersion the maximum version of TLS + tlsMaxVersion: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MAX_VERSION + # TlsCipherSuites the list of cipher suites + tlsCipherSuites: [] # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CIPHER_SUITES + # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS. + # In practice this means a limit on full list of one resource type. + maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MAX_MSG_SIZE + # MsgSendTimeout defines a timeout on sending a single KDS message. + # KDS stream between control planes is terminated if the control plane hits this timeout. 
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MSG_SEND_TIMEOUT + # Backoff that is executed when the global control plane is sending the response that was previously rejected by zone control plane + nackBackoff: 5s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_NACK_BACKOFF + zone: + # Kuma Zone name used to mark the zone dataplane resources + name: "" # ENV: KUMA_MULTIZONE_ZONE_NAME + # GlobalAddress URL of Global Kuma CP + globalAddress: # ENV KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS + kds: + # Interval for refreshing state of the world + refreshInterval: 1s # ENV: KUMA_MULTIZONE_ZONE_KDS_REFRESH_INTERVAL + # RootCAFile defines a path to a file with PEM-encoded Root CA. Client will verify server by using it. + rootCaFile: # ENV: KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE + # If true, TLS connection to the server won't be verified. + tlsSkipVerify: false # ENV: KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY + # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS. + # In practice this means a limit on full list of one resource type. + maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_ZONE_KDS_MAX_MSG_SIZE + # MsgSendTimeout defines a timeout on sending a single KDS message. + # KDS stream between control planes is terminated if the control plane hits this timeout. 
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_ZONE_KDS_MSG_SEND_TIMEOUT + # Backoff that is executed when the zone control plane is sending the response that was previously rejected by global control plane + nackBackoff: 5s # ENV: KUMA_MULTIZONE_ZONE_KDS_NACK_BACKOFF + +# Diagnostics configuration +diagnostics: + # Port of Diagnostic Server for checking health and readiness of the Control Plane + serverPort: 5680 # ENV: KUMA_DIAGNOSTICS_SERVER_PORT + # If true, enables https://golang.org/pkg/net/http/pprof/ debug endpoints + debugEndpoints: false # ENV: KUMA_DIAGNOSTICS_DEBUG_ENDPOINTS + # Whether tls is enabled or not + tlsEnabled: false # ENV: KUMA_DIAGNOSTICS_TLS_ENABLED + # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile + tlsCertFile: # ENV: KUMA_DIAGNOSTICS_TLS_CERT_FILE + # TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, autoconfigured from general.tlsKeyFile + tlsKeyFile: # ENV: KUMA_DIAGNOSTICS_TLS_KEY_FILE + # TlsMinVersion the minimum version of TLS + tlsMinVersion: "TLSv1_2" # ENV: KUMA_DIAGNOSTICS_TLS_MIN_VERSION + # TlsMaxVersion the maximum version of TLS + tlsMaxVersion: # ENV: KUMA_DIAGNOSTICS_TLS_MAX_VERSION + # TlsCipherSuites the list of cipher suites + tlsCipherSuites: [] # ENV: KUMA_DIAGNOSTICS_TLS_CIPHER_SUITES + +# Dataplane Server configuration that servers API like Bootstrap/XDS for the Dataplane. +dpServer: + # Port of the DP Server + port: 5678 # ENV: KUMA_DP_SERVER_PORT + # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile + tlsCertFile: # ENV: KUMA_DP_SERVER_TLS_CERT_FILE + # TlsKeyFile defines a path to a file with PEM-encoded TLS key. 
If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DP_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DP_SERVER_TLS_CIPHER_SUITES
+ # ReadHeaderTimeout defines the amount of time DP server will be allowed
+ # to read request headers. The connection's read deadline is reset
+ # after reading the headers and the Handler can decide what is considered
+ # too slow for the body. If ReadHeaderTimeout is zero there is no timeout.
+ # The timeout is configurable as in rare cases, when Kuma CP was restarting,
+ # 1s which is explicitly set in other servers was insufficient and DPs
+ # were failing to reconnect (we observed this in Projected Service Account
+ # Tokens e2e tests, which started flaking a lot after introducing explicit
+ # 1s timeout)
+ readHeaderTimeout: 5s # ENV: KUMA_DP_SERVER_READ_HEADER_TIMEOUT
+ # Auth defines an authentication configuration for the DP Server
+ # DEPRECATED: use "authn" section.
+ auth:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: "" # ENV: KUMA_DP_SERVER_AUTH_TYPE
+ # Authn defines an authentication configuration for the DP Server
+ authn:
+ # Configuration for data plane proxy authentication.
+ dpProxy:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: ""
+ # Configuration of dpToken authentication method
+ dpToken:
+ # If true the control plane token issuer is enabled.
It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true
+ # DP Token validator configuration.
+ validator:
+ # If true then Kuma secrets with prefix "dataplane-token-signing-key-{mesh}" are considered as signing keys.
+ useSecrets: true
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # mesh: default
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # mesh: demo
+ # keyFile: /keys/public.pem
+ publicKeys: []
+ # Configuration for zone proxy authentication.
+ zoneProxy:
+ # Type of authentication. Available values: "serviceAccountToken", "zoneToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "zoneToken" on Universal.
+ type: ""
+ # Configuration for zoneToken authentication method.
+ zoneToken:
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true
+ # Zone Token validator configuration.
+ validator:
+ # If true then Kuma secrets with prefix "zone-token-signing-key" are considered as signing keys.
+ useSecrets: true
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # keyFile: /keys/public.pem
+ publicKeys: []
+ # If true then Envoy uses Google gRPC instead of Envoy gRPC which lets a proxy reload the auth data (service account token, dp token etc.) stored in the file without proxy restart.
+ enableReloadableTokens: false # ENV: KUMA_DP_SERVER_AUTHN_ENABLE_RELOADABLE_TOKENS
+ # Hds defines a Health Discovery Service configuration
+ hds:
+ # Enabled if true then Envoy will actively check application's ports, but only on Universal.
+ # On Kubernetes this feature disabled for now regardless the flag value
+ enabled: true # ENV: KUMA_DP_SERVER_HDS_ENABLED
+ # Interval for Envoy to send statuses for HealthChecks
+ interval: 5s # ENV: KUMA_DP_SERVER_HDS_INTERVAL
+ # RefreshInterval is an interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ refreshInterval: 10s # ENV: KUMA_DP_SERVER_HDS_REFRESH_INTERVAL
+ # Check defines a HealthCheck configuration
+ checkDefaults:
+ # Timeout is a time to wait for a health check response. If the timeout is reached the
+ # health check attempt will be considered a failure
+ timeout: 2s # ENV: KUMA_DP_SERVER_HDS_CHECK_TIMEOUT
+ # Interval between health checks
+ interval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_INTERVAL
+ # NoTrafficInterval is a special health check interval that is used when a cluster has
+ # never had traffic routed to it
+ noTrafficInterval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_NO_TRAFFIC_INTERVAL
+ # HealthyThreshold is a number of healthy health checks required before a host is marked healthy
+ healthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_HEALTHY_THRESHOLD
+ # UnhealthyThreshold is a number of unhealthy health checks required before a host is marked unhealthy
+ unhealthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_UNHEALTHY_THRESHOLD
+
+# Intercommunication CP configuration
+interCp:
+ # Catalog configuration. Catalog keeps a record of all live CP instances in the zone.
+ catalog:
+ # Indicates an address on which other control planes can communicate with this CP.
+ # If empty then it's autoconfigured by taking the first IP of the nonloopback network interface.
+ instanceAddress: "" # ENV: KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS
+ # Interval on which CP will send heartbeat to a leader.
+ heartbeatInterval: 5s # ENV: KUMA_INTER_CP_CATALOG_HEARTBEAT_INTERVAL
+ # Interval on which CP will write all instances to a catalog.
+ writerInterval: 15s # ENV: KUMA_INTER_CP_CATALOG_WRITER_INTERVAL
+ # Intercommunication CP server configuration
+ server:
+ # Port of the inter-cp server
+ port: 5683 # ENV: KUMA_INTER_CP_SERVER_PORT
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_INTER_CP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_INTER_CP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [ ] # ENV: KUMA_INTER_CP_SERVER_TLS_CIPHER_SUITES
+
+# Access Control configuration
+access:
+ # Type of access strategy (available values: "static")
+ type: static
+ # Configuration of static access strategy
+ static:
+ # AdminResources defines an access to admin resources (Secret/GlobalSecret)
+ adminResources:
+ # List of users that are allowed to access admin resources
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_USERS
+ # List of groups that are allowed to access admin resources
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_GROUPS
+ # GenerateDPToken defines an access to generating dataplane token
+ generateDpToken:
+ # List of users that are allowed to generate dataplane token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_USERS
+ # List of groups that are allowed to generate dataplane token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_GROUPS
+ # GenerateUserToken defines an access to generating user token
+ generateUserToken:
+ # List of users that are allowed to generate user token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_USERS
+ # List of groups that are allowed to generate user token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_GROUPS
+ # GenerateZoneToken defines an access to generating zone token
+ generateZoneToken:
+ # List of users that are allowed to generate zone token
+ users:
["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_USERS
+ # List of groups that are allowed to generate zone token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_GROUPS
+ viewConfigDump:
+ # List of users that are allowed to get envoy config dump
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_USERS
+ # List of groups that are allowed to get envoy config dump
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_GROUPS
+ viewStats:
+ # List of users that are allowed to get envoy stats
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_USERS
+ # List of groups that are allowed to get envoy stats
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_GROUPS
+ viewClusters:
+ # List of users that are allowed to get envoy clusters
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS
+ # List of groups that are allowed to get envoy clusters
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS
+
+# Configuration of experimental features of Kuma
+experimental:
+ # If true, experimental Gateway API is enabled
+ gatewayAPI: false # ENV: KUMA_EXPERIMENTAL_GATEWAY_API
+ # If true, instead of embedding kubernetes outbounds into Dataplane object, they are persisted next to VIPs in ConfigMap
+ # This can improve performance, but it should be enabled only after all instances are migrated to version that supports this config
+ kubeOutboundsAsVIPs: true # ENV: KUMA_EXPERIMENTAL_KUBE_OUTBOUNDS_AS_VIPS
+ # Tag first virtual outbound model is compressed version of default Virtual Outbound model
+ # It is recommended to use tag first model for deployments with more than 2k services
+ # You can enable this flag on existing deployment.
In order to downgrade cp with this flag enabled
+ # you need to first disable this flag and redeploy cp, after config is rewritten to default
+ # format you can downgrade your cp
+ useTagFirstVirtualOutboundModel: false # ENV: KUMA_EXPERIMENTAL_USE_TAG_FIRST_VIRTUAL_OUTBOUND_MODEL
+ # If true, KDS will sync using incremental xDS updates
+ kdsDeltaEnabled: false # ENV: KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED
+
+proxy:
+ gateway:
+ # Sets the envoy runtime value to limit maximum number of incoming
+ # connections to a builtin gateway data plane proxy
+ globalDownstreamMaxConnections: 50000 # ENV: KUMA_PROXY_GATEWAY_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS
diff --git a/app/assets/2.3.x/raw/protos/CertificateAuthorityBackend.json b/app/assets/2.3.x/raw/protos/CertificateAuthorityBackend.json
new file mode 100644
index 000000000..275569b17
--- /dev/null
+++ b/app/assets/2.3.x/raw/protos/CertificateAuthorityBackend.json
@@ -0,0 +1,98 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CertificateAuthorityBackend", + "definitions": { + "CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time 
after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/CircuitBreaker.json b/app/assets/2.3.x/raw/protos/CircuitBreaker.json new file mode 100644 index 000000000..f5d016d2a --- /dev/null +++ b/app/assets/2.3.x/raw/protos/CircuitBreaker.json 
@@ -0,0 +1,198 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CircuitBreaker", + "definitions": { + "CircuitBreaker": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Circuit Breaker", + "description": "CircuitBreaker defines circuit breaking policy for dataplane's outbound" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Time interval between ejection analysis sweeps", + "format": "regex" + }, + "baseEjectionTime": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The base time that a host is ejected for. 
The real time is equal to the base time multiplied by the number of times the host has been ejected", + "format": "regex" + }, + "maxEjectionPercent": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum percent of an upstream cluster that can be ejected due to outlier detection, has to be in [0 - 100] range" + }, + "splitExternalAndLocalErrors": { + "type": "boolean", + "description": "Enables Split Mode in which local and external errors are distinguished" + }, + "detectors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors", + "additionalProperties": true + }, + "thresholds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors": { + "properties": { + "totalErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Errors with status code 5xx and locally originated errors, in Split Mode - just errors with status code 5xx" + }, + "gatewayErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Subset of 'total' related to gateway errors (502, 503 or 504 status code)" + }, + "localErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Takes into account only in Split Mode, number of locally originated errors" + }, + "standardDeviation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation", + "additionalProperties": true + }, + "failure": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + 
"title": "Detectors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors": { + "properties": { + "consecutive": { + "additionalProperties": true, + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Errors", + "description": "Detector based on counting consecutive number of errors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Eject host if failure percentage of a given host is greater than or equal to this value, has to be in [0 - 100] range" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Failure", + "description": "Detection based on success rate, but threshold is set explicitly (unlike 'standardDeviation')" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "factor": { + "additionalProperties": true, + "type": "number", + "description": "Resulting threshold = mean - (stdev * factor)" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Standard Deviation", + "description": "Detection based on success rate, aggregated from every host in the cluser" + }, + 
"kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds": { + "properties": { + "maxConnections": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of connections that Envoy will make to the upstream cluster. If not specified, the default is 1024." + }, + "maxPendingRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of pending requests that Envoy will allow to the upstream cluster. If not specified, the default is 1024." + }, + "maxRetries": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel retries that Envoy will allow to the upstream cluster. If not specified, the default is 3." + }, + "maxRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel requests that Envoy will make to the upstream cluster. If not specified, the default is 1024." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Thresholds" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ClustersRequest.json b/app/assets/2.3.x/raw/protos/ClustersRequest.json new file mode 100644 index 000000000..7c9612d2c --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ClustersRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersRequest", + "definitions": { + "ClustersRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp clusters request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp clusters request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Request", + "description": "ClustersRequest is a request for kuma-dp clusters that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ClustersResponse.json b/app/assets/2.3.x/raw/protos/ClustersResponse.json new file mode 100644 index 000000000..2c6802f17 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ClustersResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersResponse", + "definitions": { + "ClustersResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp clusters request." + }, + "clusters": { + "type": "string", + "description": "The clusters content that is a successful result of kuma-dp clusters execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Response", + "description": "ClustersResponse is a response containing result of kuma-dp clusters execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/DatadogTracingBackendConfig.json b/app/assets/2.3.x/raw/protos/DatadogTracingBackendConfig.json new file mode 100644 index 000000000..e6f53ec54 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/DatadogTracingBackendConfig.json 
@@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DatadogTracingBackendConfig", + "definitions": { + "DatadogTracingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address of datadog collector." + }, + "port": { + "type": "integer", + "description": "Port of datadog collector" + }, + "splitService": { + "type": "boolean", + "description": "Determines if datadog service name should be split based on traffic direction and destination. For example, with `splitService: true` and a `backend` service that communicates with a couple of databases, you would get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` in Datadog. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Datadog Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Dataplane.json b/app/assets/2.3.x/raw/protos/Dataplane.json new file mode 100644 index 000000000..92d4b6327 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Dataplane.json 
@@ -0,0 +1,329 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Dataplane", + "definitions": { + "Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. 
`advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. 
The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." + }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." 
+ }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. 
Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "service": { + "type": "string", + "description": "DEPRECATED: use `networking.outbound[].tags['kuma.io/service']` Service name identified by the value of `kuma.io/service`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." 
+ }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." + }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/DataplaneInsight.json b/app/assets/2.3.x/raw/protos/DataplaneInsight.json new file mode 100644 index 000000000..1188b51e1 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/DataplaneInsight.json 
@@ -0,0 +1,232 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneInsight", + "definitions": { + "DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." + }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." 
+ }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. 
rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.3.x/raw/protos/DataplaneOverview.json b/app/assets/2.3.x/raw/protos/DataplaneOverview.json new file mode 100644 index 000000000..8dcecf46a --- /dev/null +++ b/app/assets/2.3.x/raw/protos/DataplaneOverview.json 
@@ -0,0 +1,571 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneOverview", + "definitions": { + "DataplaneOverview": { + "properties": { + "dataplane": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane", + "additionalProperties": true + }, + "dataplane_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Overview", + "description": "DataplaneOverview defines the projected state of a Dataplane." + }, + "kuma.mesh.v1alpha1.Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. `advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. 
It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." 
+ }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." 
+ }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "service": { + "type": "string", + "description": "DEPRECATED: use `networking.outbound[].tags['kuma.io/service']` Service name identified by the value of `kuma.io/service`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." + }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." + }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." 
+ }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { 
+ "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/DiscoveryServiceStats.json b/app/assets/2.3.x/raw/protos/DiscoveryServiceStats.json new file mode 100644 index 000000000..eadb3791c --- /dev/null +++ b/app/assets/2.3.x/raw/protos/DiscoveryServiceStats.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoveryServiceStats", + "definitions": { + "DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.3.x/raw/protos/DiscoverySubscription.json b/app/assets/2.3.x/raw/protos/DiscoverySubscription.json new file mode 100644 index 000000000..06db6c019 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/DiscoverySubscription.json 
@@ -0,0 +1,179 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscription", + "definitions": { + "DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." 
+ }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.3.x/raw/protos/DiscoverySubscriptionStatus.json b/app/assets/2.3.x/raw/protos/DiscoverySubscriptionStatus.json
new file mode 100644
index 000000000..2ac471c4a
--- /dev/null
+++ b/app/assets/2.3.x/raw/protos/DiscoverySubscriptionStatus.json
@@ -0,0 +1,64 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscriptionStatus", + "definitions": { + "DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/EnvoyAdmin.json b/app/assets/2.3.x/raw/protos/EnvoyAdmin.json new file mode 100644 index 000000000..e26fdf4be --- /dev/null +++ b/app/assets/2.3.x/raw/protos/EnvoyAdmin.json @@ -0,0 +1,17 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyAdmin", + "definitions": { + "EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/EnvoyVersion.json b/app/assets/2.3.x/raw/protos/EnvoyVersion.json new file mode 100644 index 000000000..c14f40762 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/EnvoyVersion.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyVersion", + "definitions": { + "EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ExternalService.json b/app/assets/2.3.x/raw/protos/ExternalService.json new file mode 100644 index 000000000..293d87f88 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ExternalService.json 
@@ -0,0 +1,107 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ExternalService", + "definitions": { + "ExternalService": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking", + "additionalProperties": true + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with the external service, e.g. kuma.io/service=web, kuma.io/protocol, version=1.0." + } + }, + "additionalProperties": true, + "type": "object", + "title": "External Service", + "description": "ExternalService defines configuration of the externally accessible service" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address of the external service" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking.TLS", + "additionalProperties": true + }, + "disableHostDNSEntry": { + "type": "boolean", + "description": "If disableHostDNSEntry is set to true then a DNS entry for the external service taken from 'networking.address' won't be generated. You can still reach this external service using external-service-name.mesh:80 where \"external-service-name\" is taken from \"kuma.io/service\" tag." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes the properties of the external service connectivity" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking.TLS": { + "properties": { + "enabled": { + "type": "boolean", + "description": "denotes that the external service uses TLS" + }, + "ca_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the certificate of CA" + }, + "client_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "client_key": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "allowRenegotiation": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then TLS session will allow renegotiation. It's not recommended to set this to true because of security reasons. However, some servers requires this setting, especially when using mTLS." + }, + "server_name": { + "additionalProperties": true, + "type": "string", + "description": "ServerName overrides the default Server Name Indicator set by Kuma. The default value is set to \"address\" specified in \"networking\"." + } + }, + "additionalProperties": true, + "type": "object", + "title": "TLS", + "description": "TLS" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." + }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." 
+ }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/FaultInjection.json b/app/assets/2.3.x/raw/protos/FaultInjection.json new file mode 100644 index 000000000..702233c5a --- /dev/null +++ b/app/assets/2.3.x/raw/protos/FaultInjection.json 
@@ -0,0 +1,126 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FaultInjection", + "definitions": { + "FaultInjection": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf", + "additionalProperties": true, + "description": "Configuration of FaultInjection" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Fault Injection", + "description": "FaultInjection defines the configuration of faults between dataplanes." + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf": { + "properties": { + "delay": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Delay", + "additionalProperties": true, + "description": "Delay if specified then response from the destination will be delivered with a delay" + }, + "abort": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Abort", + "additionalProperties": true, + "description": "Abort if specified makes source side to receive specified httpStatus code" + }, + "response_bandwidth": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth", + "additionalProperties": true, + "description": "ResponseBandwidth if specified limits the speed of sending response body" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines several types of faults, at least one fault should be specified" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Abort": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + 
"description": "Percentage of requests on which abort will be injected, has to be in [0.0 - 100.0] range" + }, + "httpStatus": { + "additionalProperties": true, + "type": "integer", + "description": "HTTP status code which will be returned to source side" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Abort", + "description": "Abort defines a configuration of not delivering requests to destination service and replacing the responses from destination dataplane by predefined status code" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Delay": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which delay will be injected, has to be in [0.0 - 100.0] range" + }, + "value": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The duration during which the response will be delayed", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Delay", + "description": "Delay defines configuration of delaying a response from a destination" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which response bandwidth limit will be injected, has to be in [0.0 - 100.0] range" + }, + "limit": { + "additionalProperties": true, + "type": "string", + "description": "Limit is represented by value measure in gbps, mbps, kbps or bps, e.g. 
10kbps" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Response Bandwidth", + "description": "ResponseBandwidth defines a configuration to limit the speed of responding to the requests" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/FileLoggingBackendConfig.json b/app/assets/2.3.x/raw/protos/FileLoggingBackendConfig.json new file mode 100644 index 000000000..7302651b2 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/FileLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FileLoggingBackendConfig", + "definitions": { + "FileLoggingBackendConfig": { + "properties": { + "path": { + "type": "string", + "description": "Path to a file that logs will be written to" + } + }, + "additionalProperties": true, + "type": "object", + "title": "File Logging Backend Config", + "description": "FileLoggingBackendConfig defines configuration for file based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/HealthCheck.json b/app/assets/2.3.x/raw/protos/HealthCheck.json new file mode 100644 index 000000000..495846305 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/HealthCheck.json 
@@ -0,0 +1,212 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/HealthCheck", + "definitions": { + "HealthCheck": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that should be configured to do health checks." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf", + "additionalProperties": true, + "description": "Configuration for various types of health checking." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health Check", + "description": "HealthCheck defines configuration for health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "initial_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, Envoy will start health checking after for a random time in ms between 0 and initial_jitter. 
This only applies to the first health check.", + "format": "regex" + }, + "interval_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, during every interval Envoy will add interval_jitter to the wait time.", + "format": "regex" + }, + "interval_jitter_percent": { + "type": "integer", + "description": "If specified, during every interval Envoy will add interval_ms * interval_jitter_percent / 100 to the wait time. If interval_jitter_ms and interval_jitter_percent are both set, both of them will be used to increase the wait time." + }, + "healthy_panic_threshold": { + "additionalProperties": true, + "type": "number", + "description": "Allows to configure panic threshold for Envoy cluster. If not specified, the default is 50%. To disable panic mode, set to 0%." + }, + "fail_traffic_on_panic": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, Envoy will not consider any hosts when the cluster is in 'panic mode'. Instead, the cluster will fail all requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a failing service." + }, + "event_log_path": { + "type": "string", + "description": "Specifies the path to the file where Envoy can log health check events. If empty, no event log will be written." + }, + "always_log_health_check_failures": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, health check failure events will always be logged. If set to false, only the initial health check failure event will be logged. The default value is false." + }, + "no_traffic_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The \"no traffic interval\" is a special health check interval that is used when a cluster has never had traffic routed to it. 
This lower interval allows cluster information to be kept up to date, without sending a potentially large amount of active health checking traffic for no reason. Once a cluster has been used for traffic routing, Envoy will shift back to using the standard health check interval that is defined. Note that this interval takes precedence over any other. The default value for \"no traffic interval\" is 60 seconds.", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http", + "additionalProperties": true + }, + "reuse_connection": { + "additionalProperties": true, + "type": "boolean", + "description": "Reuse health check connection between health checks. Default is true." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines configuration for various types of health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http": { + "properties": { + "path": { + "type": "string", + "description": "The HTTP path which will be requested during the health check (ie. /health) +required" + }, + "request_headers_to_add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption" + }, + "type": "array", + "description": "The list of HTTP headers which should be added to each health check request +optional" + }, + "expected_statuses": { + "items": { + "type": "integer", + "title": "U Int 32 Value", + "description": "Wrapper message for `uint32`. The JSON representation for `UInt32Value` is JSON number." 
+ }, + "type": "array", + "description": "List of HTTP response statuses which are considered healthy +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines optional Http configuration which will instruct the service the health check will be made for is an http service. It's mutually exclusive with the Tcp block so when provided you can't provide the Tcp configuration" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +required" + }, + "value": { + "type": "string", + "description": "Header value +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption": { + "properties": { + "header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue", + "additionalProperties": true, + "description": "Key/Value representation of the HTTP header +required" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "The bool value which if true (default) will mean the header values should be appended to already present ones +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value Option" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp": { + "properties": { + "send": { + "additionalProperties": true, + "type": "string", + "description": "Bytes which will be send during the health check to the target" + }, + "receive": { + "items": { + "type": "string", + "title": "Bytes Value", + "description": "Wrapper message for `bytes`. The JSON representation for `BytesValue` is JSON string." + }, + "type": "array", + "description": "Bytes blocks expected as a response. When checking the response, “fuzzy” matching is performed such that each block must be found, and in the order specified, but not necessarily contiguous." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines optional configuration for specifying bytes to send and expected response during the health check" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/HttpMethod.json b/app/assets/2.3.x/raw/protos/HttpMethod.json new file mode 100644 index 000000000..71495c878 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/HttpMethod.json @@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/KumaDpVersion.json b/app/assets/2.3.x/raw/protos/KumaDpVersion.json new file mode 100644 index 000000000..2d087b8c8 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/KumaDpVersion.json 
@@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaDpVersion", + "definitions": { + "KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/KumaResource.json b/app/assets/2.3.x/raw/protos/KumaResource.json new file mode 100644 index 000000000..a4781295d --- /dev/null +++ b/app/assets/2.3.x/raw/protos/KumaResource.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaResource", + "definitions": { + "KumaResource": { + "properties": { + "meta": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaResource.Meta", + "additionalProperties": true + }, + "spec": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." 
+ }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Resource" + }, + "kuma.mesh.v1alpha1.KumaResource.Meta": { + "properties": { + "name": { + "type": "string" + }, + "mesh": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Meta" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Logging.json b/app/assets/2.3.x/raw/protos/Logging.json new file mode 100644 index 000000000..e86a46b02 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Logging.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Logging", + "definitions": { + "Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/LoggingBackend.json b/app/assets/2.3.x/raw/protos/LoggingBackend.json new file mode 100644 index 000000000..d1770d208 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/LoggingBackend.json 
@@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/LoggingBackend", + "definitions": { + "LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Mesh.json b/app/assets/2.3.x/raw/protos/Mesh.json new file mode 100644 index 000000000..1c52da2e2 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Mesh.json 
@@ -0,0 +1,386 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Mesh", + "definitions": { + "Mesh": { + "properties": { + "mtls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Mtls", + "additionalProperties": true, + "description": "mTLS settings. +optional" + }, + "tracing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Tracing", + "additionalProperties": true, + "description": "Tracing settings. +optional" + }, + "logging": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Logging", + "additionalProperties": true, + "description": "Logging settings. +optional" + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Metrics", + "additionalProperties": true, + "description": "Configuration for metrics collected and exposed by dataplanes. Settings defined here become defaults for every dataplane in a given Mesh. Additionally, it is also possible to further customize this configuration for each dataplane individually using Dataplane resource. +optional" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking", + "additionalProperties": true, + "description": "Networking settings of the mesh" + }, + "routing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Routing", + "additionalProperties": true, + "description": "Routing settings of the mesh" + }, + "constraints": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Constraints", + "additionalProperties": true, + "description": "Constraints that applies to the mesh and its entities" + }, + "skipCreatingInitialPolicies": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of policies to skip creating by default when the mesh is created. e.g. TrafficPermission, MeshRetry, etc. An '*' can be used to skip all policies." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh", + "description": "Mesh defines configuration of a single mesh." 
+ }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + 
"title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + }, + "kuma.mesh.v1alpha1.Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." 
+ }, + "kuma.mesh.v1alpha1.Mesh.Constraints": { + "properties": { + "dataplaneProxy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints", + "additionalProperties": true, + "description": "DataplaneProxyMembership defines a set of requirements for data plane proxies to be a member of the mesh." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Constraints", + "description": "Constraints to apply to the mesh and its entities" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints": { + "properties": { + "requirements": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Requirements defines a set of requirements that data plane proxies must fulfill in order to join the mesh. A data plane proxy must fulfill at least one requirement in order to join the mesh. Empty list of allowed requirements means that any proxy that is not explicitly denied can join." + }, + "restrictions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Restrictions defines a set of restrictions that data plane proxies cannot fulfill in order to join the mesh. A data plane proxy cannot fulfill any requirement in order to join the mesh. Restrictions takes precedence over requirements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Proxy Constraints" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags defines set of required tags. You can specify '*' in value to require non empty value of tag" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rules", + "description": "Rules defines a set of rules for data plane proxies to be member of the mesh." 
+ }, + "kuma.mesh.v1alpha1.Mesh.Mtls": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend" + }, + "type": "array", + "description": "List of available Certificate Authority backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mtls", + "description": "mTLS settings of a Mesh." + }, + "kuma.mesh.v1alpha1.Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + 
"passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + }, + "kuma.mesh.v1alpha1.Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + }, + "kuma.mesh.v1alpha1.Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). 
Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/MeshGateway.json b/app/assets/2.3.x/raw/protos/MeshGateway.json new file mode 100644 index 000000000..79692f693 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/MeshGateway.json 
@@ -0,0 +1,202 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGateway", + "definitions": { + "MeshGateway": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is a list of selectors that are used to match builtin gateway dataplanes that will receive this MeshGateway configuration." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags is the set of tags common to all of the gateway's listeners. This field must not include a `kuma.io/service` tag (the service is always defined on the dataplanes)." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Conf", + "additionalProperties": true, + "description": "The desired configuration of the MeshGateway." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway", + "description": "MeshGateway is a virtual proxy. Each MeshGateway is bound to a set of builtin gateway dataplanes. Each builtin dataplane instance can host exactly one Gateway proxy configuration. Gateway aligns with the Kubernetes Gateway API. See that spec for detailed documentation." + }, + "kuma.mesh.v1alpha1.MeshGateway.Conf": { + "properties": { + "listeners": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener" + }, + "type": "array", + "description": "Listeners define logical endpoints that are bound on this MeshGateway's address(es)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the desired state of MeshGateway. Aligns with MeshGatewaySpec." + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener": { + "properties": { + "hostname": { + "type": "string", + "description": "Hostname specifies the virtual hostname to match for protocol types that define this concept. 
When unspecified, \"\", or `*`, all hostnames are matched. This field can be omitted for protocols that don't require hostname based matching." + }, + "port": { + "type": "integer", + "description": "Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules." + }, + "protocol": { + "enum": [ + "NONE", + 0, + "TCP", + 1, + "TLS", + 3, + "HTTP", + 4, + "HTTPS", + 5 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Conf", + "additionalProperties": true, + "description": "TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\" and ignored otherwise." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags specifies a unique combination of tags that routes can use to match themselves to this listener. When matching routes to listeners, the control plane constructs a set of matching tags for each listener by forming the union of the gateway tags and the listener tags. A route will be attached to the listener if all of the route's tags are preset in the matching tags" + }, + "crossMesh": { + "type": "boolean", + "description": "CrossMesh enables traffic to flow to this listener only from other meshes." + }, + "resources": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener.Resources", + "additionalProperties": true, + "description": "Resources is used to specify listener-specific resource settings." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener" + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener.Resources": { + "properties": { + "connection_limit": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Resources" + }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Conf": { + "properties": { + "mode": { + "enum": [ + "NONE", + 0, + "TERMINATE", + 1, + "PASSTHROUGH", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "certificates": { + "items": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource" + }, + "type": "array", + "description": "Certificates is an array of datasources that contain TLS certificates and private keys. Each datasource must contain a sequence of PEM-encoded objects. The server certificate and private key are required, but additional certificates are allowed and will be added to the certificate chain. The server certificate must be the first certificate in the datasource. When multiple certificate datasources are configured, they must have different key types. In practice, this means that one datasource should contain an RSA key and certificate, and the other an ECDSA key and certificate." + }, + "options": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Options", + "additionalProperties": true, + "description": "Options should eventually configure how TLS is configured. This is where cipher suite and version configuration can be specified, client certificates enforced, and so on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Aligns with MeshGatewayTLSConfig." 
+ }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Options": { + "additionalProperties": true, + "type": "object", + "title": "Options", + "description": "TODO(jpeach)" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." + }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." + }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/MeshGatewayRoute.json b/app/assets/2.3.x/raw/protos/MeshGatewayRoute.json new file mode 100644 index 000000000..1ccb5b377 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/MeshGatewayRoute.json 
@@ -0,0 +1,442 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGatewayRoute", + "definitions": { + "MeshGatewayRoute": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is used to match this resource to MeshGateway listener." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Conf", + "additionalProperties": true, + "description": "Conf specifies the route configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway Route" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Backend": { + "properties": { + "weight": { + "type": "integer", + "description": "Weight is the proportion of requests this backend will receive when a forwarding rules specifies multiple backends. Traffic weight is computed as \"weight/sum(all weights)\". A weight of 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Destination is a selector to match the individual endpoints to which the gateway will forward." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Backend", + "description": "Backend selects a target for HTTP request forwarding." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Conf": { + "properties": { + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute", + "additionalProperties": true, + "title": "TlsRoute tls = 3;", + "description": "TlsRoute tls = 3;" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Hostnames lists the server names for which this route is valid. The hostnames are matched against the TLS Server Name Indication extension if this is a TLS session. They are also matched against the HTTP host (authority) header in the client's HTTP request." + }, + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule" + }, + "type": "array", + "description": "Rules specifies how the gateway should match and process HTTP requests." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Route", + "description": "HTTP routes are valid for listeners that accept HTTP/1.1 and HTTP/2 over both TCP and TLS." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter": { + "properties": { + "request_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + }, + "mirror": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror", + "additionalProperties": true + }, + "redirect": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect", + "additionalProperties": true + }, + "rewrite": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + }, + "response_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter": { + "properties": { + "set": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "remove": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror": { + "properties": { + "backend": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend", + "additionalProperties": true, + "description": "Backend denotes the service to which requests will be mirrored. 
The \"weight\" field must not be given." + }, + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage specifies the percentage of requests to mirror to the backend (in the range 0.0 - 100.0, inclusive)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mirror", + "description": "The mirror filter sends a percentage of HTTP requests to the given backend. The gateway ignores any responses to these requests." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect": { + "properties": { + "scheme": { + "type": "string", + "description": "The scheme for the redirect URL. Usually \"http\" or \"https\"." + }, + "hostname": { + "type": "string", + "description": "The hostname to redirect to." + }, + "port": { + "type": "integer", + "description": "The port to redirect to." + }, + "status_code": { + "type": "integer", + "description": "The HTTP response status code. This must be in the range 300 - 308." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Redirect", + "description": "The redirect filter responds to the HTTP request immediately, without forwarding it to any backend. The response is a HTTP redirect message." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite": { + "properties": { + "replace_full": { + "type": "string" + }, + "replace_prefix_match": { + "type": "string", + "description": "Note that rewriting \"/prefix\" to \"/\" will do the right thing: - the path \"/prefix\" is rewritten to \"/\" - the path \"/prefix/rest\" is rewritten to \"/rest\"" + }, + "host_to_backend_hostname": { + "type": "boolean", + "description": "Option to indicate that during forwarding, the host header should be swapped with the hostname of the upstream host chosen by the Envoy's cluster manager. 
BE AWARE: - it's mutually exclusive with request_header filter which explicitly replaces \"host\" header" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rewrite" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path", + "additionalProperties": true + }, + "method": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header" + }, + "type": "array" + }, + "query_parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match specifies the criteria for when a HTTP request matches a rule. The match is only considered successful if all of the specified conditions succeed (AND semantics). At least one match condition must be given." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1, + "ABSENT", + 2, + "PRESENT", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the HTTP header containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the HTTP header value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header", + "description": "Header matches a value in a HTTP request header. 
Not that if the header is defined to have multiple values, a REGEX match must be used to match a specific value." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "PREFIX", + 1, + "REGEX", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "value": { + "minLength": 1, + "type": "string", + "description": "Value is the path to match against. For EXACT and PREFIX match types, it must be a HTTP URI path. For the REGEX match type, it must be a RE2 regular expression. Note that a PREFIX match succeeds only if the prefix is the the entire path or is followed by a /. I.e. a prefix of the path in terms of path elements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path matches may be \"EXACT\", \"PREFIX\", or \"REGEX\" matches. If the match type is not specified, \"EXACT\" is the default." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the query parameter containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the query parameter value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Query", + "description": "Query matches against HTTP request query parameters." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule": { + "properties": { + "matches": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match" + }, + "type": "array", + "description": "Matches are checked in order. If any match is successful, the rule is selected (OR semantics)." 
+ }, + "filters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter" + }, + "type": "array", + "description": "Filters are request processing steps that are applied to matched requests. If the redirect filter is specified, it must be the only filter given." + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array", + "description": "Backends is the set of services to which the gateway will forward requests. If a redirect filter is specified, no backends are allowed. Otherwise, at least one backend must be given." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute": { + "properties": { + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Route", + "description": "TCP routes are valid for listeners that accept connections over TCP." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule": { + "properties": { + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule", + "description": "repeated Match matches = 1;" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/MeshInsight.json b/app/assets/2.3.x/raw/protos/MeshInsight.json new file mode 100644 index 000000000..36b0d45fc 
--- /dev/null +++ b/app/assets/2.3.x/raw/protos/MeshInsight.json 
@@ -0,0 +1,153 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshInsight", + "definitions": { + "MeshInsight": { + "properties": { + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "policies": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.PolicyStat", + "additionalProperties": true + }, + "type": "object" + }, + "dpVersions": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DpVersions", + "additionalProperties": true + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.MTLS", + "additionalProperties": true, + "description": "mTLS statistics" + }, + "services": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.ServiceStat", + "additionalProperties": true + }, + "dataplanesByType": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplanesByType", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Insight", + "description": "MeshInsight defines the observed state of a Mesh." 
+ }, + "kuma.mesh.v1alpha1.MeshInsight.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + }, + "partially_degraded": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat", + "description": "DataplaneStat defines statistic specifically for Dataplane" + }, + "kuma.mesh.v1alpha1.MeshInsight.DataplanesByType": { + "properties": { + "standard": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplanes By Type", + "description": "DataplanesByType defines statistics splitted by dataplane types" + }, + "kuma.mesh.v1alpha1.MeshInsight.DpVersions": { + "properties": { + "kumaDp": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by KumaDP version" + }, + "envoy": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by Envoy version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Versions", + "description": "DpVersions defines statistics grouped by dataplane versions" + }, + "kuma.mesh.v1alpha1.MeshInsight.MTLS": { + "properties": { + "issuedBackends": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by issued backends." 
+ }, + "supportedBackends": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by supported backends." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS" + }, + "kuma.mesh.v1alpha1.MeshInsight.PolicyStat": { + "properties": { + "total": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Policy Stat", + "description": "PolicyStat defines statistic for all policies in general" + }, + "kuma.mesh.v1alpha1.MeshInsight.ServiceStat": { + "properties": { + "total": { + "type": "integer" + }, + "internal": { + "type": "integer" + }, + "external": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Stat", + "description": "ServiceStat defines statistics of mesh services" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Message.json b/app/assets/2.3.x/raw/protos/Message.json new file mode 100644 index 000000000..f8fd4b1df --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Message.json 
@@ -0,0 +1,789 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Message", + "definitions": { + "Message": { + "properties": { + "legacy_request": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryRequest", + "additionalProperties": true + }, + "legacy_response": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryResponse", + "additionalProperties": true + }, + "request": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryRequest", + "additionalProperties": true + }, + "response": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryResponse", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Message" + }, + "envoy.api.v2.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.api.v2.core.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. 
The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_api_msg_DiscoveryResponse\u003e` failed to update configuration. The *message* field in *error_details* provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 7]" + }, + "envoy.api.v2.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." 
+ }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. 
Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. 
When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. - Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.api.v2.core.ControlPlane", + "additionalProperties": true, + "description": "[#not-implemented-hide:] The control plane instance that sent the response." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.api.v2.core.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.api.v2.core.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.api.v2.core.Pipe", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.api.v2.core.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.api.v2.core.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.api.v2.core.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. 
envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 6]" + }, + "envoy.api.v2.core.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_api_field_core.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_api_field_endpoint.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. 
`Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.api.v2.core.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_api_field_core.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_api_msg_config.bootstrap.v2.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." 
+ }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "locality": { + "$ref": "#/definitions/envoy.api.v2.core.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "build_version": { + "type": "string", + "description": "This is motivated by informing a management server during canary which version of Envoy is being tested in a heterogeneous fleet. This will be set by Envoy in management server RPCs. This field is deprecated in favor of the user_agent_name and user_agent_version values." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example `com.acme.feature`. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 12]" + }, + "envoy.api.v2.core.Pipe": { + "properties": { + "path": { + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.api.v2.core.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_api_msg_listener.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_api_msg_core.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_api_msg_Cluster\u003e`, the cluster type determines whether the address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.config.core.v3.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.config.core.v3.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.config.core.v3.Pipe", + "additionalProperties": true + }, + "envoy_internal_address": { + "$ref": "#/definitions/envoy.config.core.v3.EnvoyInternalAddress", + "additionalProperties": true, + "description": "Specifies a user-space address handled by :ref:`internal listeners \u003cenvoy_v3_api_field_config.listener.v3.Listener.internal_listener\u003e`." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.config.core.v3.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.v3.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.config.core.v3.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.config.core.v3.EnvoyInternalAddress": { + "properties": { + "server_listener_name": { + "type": "string", + "description": "Specifies the :ref:`name \u003cenvoy_v3_api_field_config.listener.v3.Listener.name\u003e` of the internal listener." + }, + "endpoint_id": { + "type": "string", + "description": "Specifies an endpoint identifier to distinguish between multiple endpoints for the same internal listener in a single upstream pool. Only used in the upstream addresses for tracking changes to individual endpoints. This, for example, may be set to the final destination IP for the target internal listener." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Internal Address", + "description": "The address represents an envoy internal listener. [#comment: TODO(asraa): When address available, remove workaround from test/server/server_fuzz_test.cc:30.]" + }, + "envoy.config.core.v3.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] 
[#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + }, + "type_urls": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Type URLs of extension configuration protos." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 7]" + }, + "envoy.config.core.v3.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_v3_api_field_config.core.v3.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. `Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.config.core.v3.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_v3_api_msg_config.bootstrap.v3.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "dynamic_parameters": { + "additionalProperties": { + "$ref": "#/definitions/xds.core.v3.ContextParams", + "additionalProperties": true + }, + "type": "object", + "description": "Map from xDS resource type URL to dynamic context parameters. 
These may vary at runtime (unlike other fields in this message). For example, the xDS client may have a shard identifier that changes during the lifetime of the xDS client. In Envoy, this would be achieved by updating the dynamic context on the Server::Instance's LocalInfo context provider. The shard ID dynamic parameter then appears in this field during future discovery requests." + }, + "locality": { + "$ref": "#/definitions/envoy.config.core.v3.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example ``com.acme.feature``. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress ``(0.0.0.0,80)``. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 13]" + }, + "envoy.config.core.v3.Pipe": { + "properties": { + "path": { + "minLength": 1, + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.config.core.v3.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "minLength": 1, + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_v3_api_msg_config.listener.v3.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_v3_api_msg_config.core.v3.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_v3_api_msg_config.cluster.v3.Cluster\u003e`, the cluster type determines whether the address must be an IP (``STATIC`` or ``EDS`` clusters) or a hostname resolved by DNS (``STRICT_DNS`` or ``LOGICAL_DNS`` clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with ``STRICT_DNS`` or ``LOGICAL_DNS`` will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.config.core.v3.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "resource_locators": { + "items": { + "$ref": "#/definitions/envoy.service.discovery.v3.ResourceLocator" + }, + "type": "array", + "description": "[#not-implemented-hide:] Alternative to ``resource_names`` field that allows specifying dynamic parameters along with each resource name. Clients that populate this field must be able to handle responses from the server where resources are wrapped in a Resource message. Note that it is legal for a request to have some resources listed in ``resource_names`` and others in ``resource_locators``." 
+ }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_v3_api_msg_service.discovery.v3.DiscoveryResponse\u003e` failed to update configuration. The ``message`` field in ``error_details`` provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Request", + "description": "A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 8]" + }, + "envoy.service.discovery.v3.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." + }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. 
The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. 
- Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.config.core.v3.ControlPlane", + "additionalProperties": true, + "description": "The control plane instance that sent the response." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.ResourceLocator": { + "properties": { + "name": { + "type": "string", + "description": "The resource name to subscribe to." + }, + "dynamic_parameters": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "A set of dynamic parameters used to match against the dynamic parameter constraints on the resource. This allows clients to select between multiple variants of the same resource." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] Specifies a resource to be subscribed to." + }, + "envoy.type.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic Version]", + "description": "[#protodoc-title: Semantic Version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "envoy.type.v3.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic version]", + "description": "[#protodoc-title: Semantic version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "google.rpc.Status": { + "properties": { + "code": { + "type": "integer", + "description": "The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]." + }, + "message": { + "type": "string", + "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client." + }, + "details": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. 
This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Status", + "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. 
You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors)." + }, + "xds.core.v3.ContextParams": { + "properties": { + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Context Params", + "description": "Additional parameters that can be used to select resource variants. These include any global context parameters, per-resource type client feature capabilities and per-resource type functional attributes. All per-resource type attributes will be `xds.resource.` prefixed and some of these are documented below: `xds.resource.listening_address`: The value is \"IP:port\" (e.g. \"10.1.1.3:8080\") which is the listening address of a Listener. Used in a Listener resource query." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Metrics.json b/app/assets/2.3.x/raw/protos/Metrics.json new file mode 100644 index 000000000..b3f79fe30 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Metrics.json 
@@ -0,0 +1,46 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Metrics", + "definitions": { + "Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/MetricsBackend.json b/app/assets/2.3.x/raw/protos/MetricsBackend.json new file mode 100644 index 000000000..7ad44ef4b --- /dev/null +++ b/app/assets/2.3.x/raw/protos/MetricsBackend.json 
@@ -0,0 +1,27 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MetricsBackend", + "definitions": { + "MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Networking.json b/app/assets/2.3.x/raw/protos/Networking.json new file mode 100644 index 000000000..771fcb1fc --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Networking.json @@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Networking", + "definitions": { + "Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + "passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/PrometheusAggregateMetricsConfig.json b/app/assets/2.3.x/raw/protos/PrometheusAggregateMetricsConfig.json new file mode 100644 index 000000000..4e5a51414 
--- /dev/null +++ b/app/assets/2.3.x/raw/protos/PrometheusAggregateMetricsConfig.json @@ -0,0 +1,35 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusAggregateMetricsConfig", + "definitions": { + "PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." + }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." + }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/PrometheusEnvoyConfig.json b/app/assets/2.3.x/raw/protos/PrometheusEnvoyConfig.json new file mode 100644 index 000000000..a438ec589 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/PrometheusEnvoyConfig.json 
@@ -0,0 +1,23 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusEnvoyConfig", + "definitions": { + "PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/PrometheusMetricsBackendConfig.json b/app/assets/2.3.x/raw/protos/PrometheusMetricsBackendConfig.json new file mode 100644 index 000000000..895e6d014 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/PrometheusMetricsBackendConfig.json 
@@ -0,0 +1,92 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusMetricsBackendConfig", + "definitions": { + "PrometheusMetricsBackendConfig": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this dataplane is deployed next to, e.g. service=web, version=1.0. `service` tag is mandatory." + }, + "skipMTLS": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then endpoints for scraping metrics won't require mTLS even if mTLS is enabled in Mesh. If nil, then it is treated as false." + }, + "aggregate": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig" + }, + "type": "array", + "description": "Map with the configuration of applications which metrics are going to be scrapped by kuma-dp." + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusEnvoyConfig", + "additionalProperties": true, + "description": "Configuration of Envoy's metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Metrics Backend Config", + "description": "PrometheusMetricsBackendConfig defines configuration of Prometheus backend" + }, + "kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." + }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." 
+ }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + }, + "kuma.mesh.v1alpha1.PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ProxyTemplate.json b/app/assets/2.3.x/raw/protos/ProxyTemplate.json new file mode 100644 index 000000000..047ef6f39 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ProxyTemplate.json 
@@ -0,0 +1,339 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplate", + "definitions": { + "ProxyTemplate": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of Dataplane selectors." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Conf", + "additionalProperties": true, + "description": "Configuration for ProxyTemplate" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template", + "description": "ProxyTemplate defines the desired state of ProxyTemplate" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Conf": { + "properties": { + "imports": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of imported profiles. +optional" + }, + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + }, + "modifications": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications" + }, + "type": "array", + "description": "List of config modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications": { + "properties": { + "cluster": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster", + "additionalProperties": true, + "description": "Cluster modification" + }, + "listener": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener", + "additionalProperties": true, + "description": "Listener modification" + }, + "networkFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter", + "additionalProperties": true, + "description": "Network Filter modification" + }, + "httpFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter", + "additionalProperties": true, + "description": "HTTP Filter modification" + }, + "virtualHost": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost", + "additionalProperties": true, + "description": "Virtual Host modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modifications", + "description": "Modifications to xDS config generated by Proxy Template" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match", + "additionalProperties": true, + "description": "Only clusters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a cluster (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Cluster", + "description": "Cluster 
defines modifications to generated clusters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. (inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the cluster to match" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for cluster" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match", + "additionalProperties": true, + "description": "Only HTTP filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS HTTP filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Filter", + "description": "HttpFilter defines modifications to generated HTTP filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that http filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for http filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match", + "additionalProperties": true, + "description": "Only listeners that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a listener (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS listener" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener", + "description": "Listener defines modification to generated listeners" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the listener to match" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for listener" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match", + "additionalProperties": true, + "description": "Only network filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS network filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Network Filter", + "description": "Listener defines modification to generated network filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that network filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for network filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match", + "additionalProperties": true, + "description": "Only virtual hosts that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a virtual hosts (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS virtual host" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Host", + "description": "VirtualHost defines modification to generated virtual hosts" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the virtual host to match" + }, + "routeConfigurationName": { + "type": "string", + "description": "Name of the route configuration" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for virtual host" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ProxyTemplateProfileSource.json b/app/assets/2.3.x/raw/protos/ProxyTemplateProfileSource.json new file mode 100644 index 000000000..e6e130768 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ProxyTemplateProfileSource.json 
@@ -0,0 +1,24 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateProfileSource", + "definitions": { + "ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ProxyTemplateRawResource.json b/app/assets/2.3.x/raw/protos/ProxyTemplateRawResource.json new file mode 100644 index 000000000..a990ff764 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ProxyTemplateRawResource.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawResource", + "definitions": { + "ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ProxyTemplateRawSource.json b/app/assets/2.3.x/raw/protos/ProxyTemplateRawSource.json new file mode 100644 index 000000000..c7ac8bb49 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ProxyTemplateRawSource.json 
@@ -0,0 +1,39 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawSource", + "definitions": { + "ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ProxyTemplateSource.json b/app/assets/2.3.x/raw/protos/ProxyTemplateSource.json new file mode 100644 index 000000000..d5a244749 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ProxyTemplateSource.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateSource", + "definitions": { + "ProxyTemplateSource": { + "properties": { + "name": { + "type": "string", + "description": "Name of a configuration source. +optional" + }, + "profile": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateProfileSource", + "additionalProperties": true, + "description": "Profile, e.g. `default-proxy`. +optional" + }, + "raw": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawSource", + "additionalProperties": true, + "description": "Raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/RateLimit.json b/app/assets/2.3.x/raw/protos/RateLimit.json new file mode 100644 index 000000000..afb09cba1 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/RateLimit.json 
@@ -0,0 +1,120 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/RateLimit", + "definitions": { + "RateLimit": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that rate limit will be applied for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be rate limited." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf", + "additionalProperties": true, + "description": "Configuration for RateLimit +required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http", + "additionalProperties": true, + "description": "The HTTP RateLimit configuration +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http": { + "properties": { + "requests": { + "type": "integer", + "description": "The number of HTTP requests this RateLimiter allows +required" + }, + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The the interval for which `requests` will be accounted. 
+required", + "format": "regex" + }, + "onRateLimit": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit", + "additionalProperties": true, + "description": "Describes the actions to take on RatelLimiter event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit": { + "properties": { + "status": { + "additionalProperties": true, + "type": "integer", + "description": "The HTTP status code to be set on a RateLimit event +optional" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue" + }, + "type": "array", + "description": "The Headers to be added to the HTTP response on a RateLimit event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "On Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +optional" + }, + "value": { + "type": "string", + "description": "Header value +optional" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "Should the header be appended +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Retry.json b/app/assets/2.3.x/raw/protos/Retry.json new file mode 100644 index 000000000..913d8f6b2 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Retry.json 
@@ -0,0 +1,224 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Retry", + "definitions": { + "Retry": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that retry policy should be configured for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf", + "additionalProperties": true, + "description": "+required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Retry" + }, + "kuma.mesh.v1alpha1.Retry.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Http", + "additionalProperties": true + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Tcp", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Grpc", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Retry.Conf.BackOff": { + "properties": { + "base_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+required", + "format": "regex" + }, + "max_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Back Off" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Grpc": { + "properties": { + "retry_on": { + "items": { + "enum": [ + "cancelled", + 0, + "deadline_exceeded", + 1, + "internal", + 2, + "resource_exhausted", + 3, + "unavailable", + 4 + ] + }, + "type": "array", + "title": "Retry On" + }, + "num_retries": { + 
"additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Http": { + "properties": { + "num_retries": { + "additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + }, + "retriable_status_codes": { + "items": { + "type": "integer" + }, + "type": "array", + "description": "+optional" + }, + "retriable_methods": { + "items": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ] + }, + "type": "array", + "title": "Http Method" + }, + "retry_on": { + "items": { + "enum": [ + "all_5xx", + 0, + "gateway_error", + 1, + "reset", + 2, + "connect_failure", + 3, + "envoy_ratelimited", + 4, + "retriable_4xx", + 5, + "refused_stream", + 6, + "retriable_status_codes", + 7, + "retriable_headers", + 8, + "http3_post_connect_failure", + 9 + ] + }, + "type": "array", + "title": "Http Retry On", + "description": "These options correspond with the retry_on options in Envoy's documentation: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + 
"kuma.mesh.v1alpha1.Retry.Conf.Tcp": { + "properties": { + "max_connect_attempts": { + "type": "integer", + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Routing.json b/app/assets/2.3.x/raw/protos/Routing.json new file mode 100644 index 000000000..858a02b0b --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Routing.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Routing", + "definitions": { + "Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Selector.json b/app/assets/2.3.x/raw/protos/Selector.json new file mode 100644 index 000000000..91f0fe4af --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Selector.json 
@@ -0,0 +1,21 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Selector", + "definitions": { + "Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ServiceInsight.json b/app/assets/2.3.x/raw/protos/ServiceInsight.json new file mode 100644 index 000000000..21a33e559 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ServiceInsight.json 
@@ -0,0 +1,100 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ServiceInsight", + "definitions": { + "ServiceInsight": { + "properties": { + "services": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service", + "additionalProperties": true + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Insight" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service": { + "properties": { + "status": { + "enum": [ + "none", + 0, + "offline", + 1, + "partially_degraded", + 2, + "online", + 3, + "not_available", + 4 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Status" + }, + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat", + "additionalProperties": true + }, + "issuedBackends": { + "additionalProperties": { + "type": "integer" + }, + "type": "object" + }, + "serviceType": { + "enum": [ + "internal", + 0, + "external", + 1, + "gateway_delegated", + 2, + "gateway_builtin", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Type" + }, + "addressPort": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/StatsRequest.json b/app/assets/2.3.x/raw/protos/StatsRequest.json new file mode 100644 index 000000000..a94577050 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/StatsRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsRequest", + "definitions": { + "StatsRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp stats request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp stats request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Request", + "description": "StatsRequest is a request for kuma-dp stats that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/StatsResponse.json b/app/assets/2.3.x/raw/protos/StatsResponse.json new file mode 100644 index 000000000..e64f5f98c --- /dev/null +++ b/app/assets/2.3.x/raw/protos/StatsResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsResponse", + "definitions": { + "StatsResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp stats request." + }, + "stats": { + "type": "string", + "description": "The stats content that is a successful result of kuma-dp stats execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Response", + "description": "StatsResponse is a response containing result of kuma-dp stats execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/TcpLoggingBackendConfig.json b/app/assets/2.3.x/raw/protos/TcpLoggingBackendConfig.json new file mode 100644 index 000000000..ce4ae7037 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/TcpLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TcpLoggingBackendConfig", + "definitions": { + "TcpLoggingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address to TCP service that will receive logs" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Logging Backend Config", + "description": "TcpLoggingBackendConfig defines configuration for TCP based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Timeout.json b/app/assets/2.3.x/raw/protos/Timeout.json new file mode 100644 index 000000000..e6d1694c2 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Timeout.json 
@@ -0,0 +1,138 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Timeout", + "definitions": { + "Timeout": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Timeout" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.Timeout.Conf": { + "properties": { + "connect_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "ConnectTimeout defines time to establish connection", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Http", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Grpc", + "additionalProperties": true, + "description": "Deprecated: set parameters through Http section" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Grpc": { + "properties": { + "stream_idle_timeout": { + "pattern": 
"^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity Deprecated: use Http.StreamIdleTimeout instead", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span Deprecated: use Http.MaxStreamDuration instead", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc", + "description": "Grpc defines timeouts that are applied when the protocol is GRPC" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Http": { + "properties": { + "request_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "RequestTimeout is a span between the point at which the entire downstream request (i.e. end-of-stream) has been processed and when the upstream response has been completely processed", + "format": "regex" + }, + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is the time at which a downstream or upstream connection will be terminated if there are no active streams", + "format": "regex" + }, + "stream_idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines timeouts that are applied when the protocol is HTTP" + }, + 
"kuma.mesh.v1alpha1.Timeout.Conf.Tcp": { + "properties": { + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is defined as the period in which there are no bytes sent or received on either the upstream or downstream connection", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines timeouts that are applied when the protocol is TCP" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Tracing.json b/app/assets/2.3.x/raw/protos/Tracing.json new file mode 100644 index 000000000..b7cc2dbef --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Tracing.json 
@@ -0,0 +1,51 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Tracing", + "definitions": { + "Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/TracingBackend.json b/app/assets/2.3.x/raw/protos/TracingBackend.json new file mode 100644 index 000000000..4bf433707 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/TracingBackend.json 
@@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TracingBackend", + "definitions": { + "TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/TrafficLog.json b/app/assets/2.3.x/raw/protos/TrafficLog.json new file mode 100644 index 000000000..62a817926 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/TrafficLog.json 
@@ -0,0 +1,60 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficLog", + "definitions": { + "TrafficLog": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficLog.Conf", + "additionalProperties": true, + "description": "Configuration of the logging." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Log", + "description": "TrafficLog defines log for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficLog.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the logging." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/TrafficPermission.json b/app/assets/2.3.x/raw/protos/TrafficPermission.json new file mode 100644 index 000000000..5c9068126 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/TrafficPermission.json 
@@ -0,0 +1,43 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficPermission", + "definitions": { + "TrafficPermission": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Permission", + "description": "TrafficPermission defines permission for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/TrafficRoute.json b/app/assets/2.3.x/raw/protos/TrafficRoute.json new file mode 100644 index 000000000..c10979152 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/TrafficRoute.json 
@@ -0,0 +1,390 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficRoute", + "definitions": { + "TrafficRoute": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match data plane proxies that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic. Notice the difference between sources and destinations. While the source of traffic is always a data plane proxy within a mesh, the destination is a service that could be either within or outside of a mesh." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Conf", + "additionalProperties": true, + "description": "Configuration for the route." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Route", + "description": "TrafficRoute defines routing rules for the traffic in the mesh." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Conf": { + "properties": { + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." 
+ }, + "load_balancer": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer", + "additionalProperties": true, + "description": "Load balancer configuration for given \"split\" or \"destination\"" + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + }, + "http": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http" + }, + "type": "array", + "description": "Configuration of HTTP traffic. Traffic is matched one by one with the order defined in the list. If the request does not match any criteria then \"split\" or \"destination\" outside of \"http\" section is executed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the destination configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match", + "additionalProperties": true, + "description": "If request matches against defined criteria then \"split\" or \"destination\" is executed." + }, + "modify": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify", + "additionalProperties": true, + "description": "Modifications to the traffic matched by the match section." + }, + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines configuration for HTTP traffic." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match": { + "properties": { + "method": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Method matches method of HTTP request." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Path matches HTTP path." + }, + "headers": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true + }, + "type": "object", + "description": "Headers match HTTP request headers." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines a series of matching criteria to apply modification and reroute the traffic." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher": { + "properties": { + "prefix": { + "type": "string", + "description": "Prefix matches the string against defined prefix." + }, + "exact": { + "type": "string", + "description": "Exact checks that strings are equal to each other." + }, + "regex": { + "type": "string", + "description": "Regex checks the string using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + } + }, + "additionalProperties": true, + "type": "object", + "title": "String Matcher", + "description": "StringMatcher matches the string value." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path", + "additionalProperties": true, + "description": "Path modifications." + }, + "host": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host", + "additionalProperties": true, + "description": "Host modifications." 
+ }, + "requestHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Request headers modifications." + }, + "responseHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Response headers modifications." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modify", + "description": "Modify defines modifications of matched HTTP messages." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers": { + "properties": { + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add" + }, + "type": "array", + "description": "List of add header operations." + }, + "remove": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove" + }, + "type": "array", + "description": "List of remove header operations." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Headers", + "description": "Headers defines modification of HTTP headers." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header." + }, + "value": { + "type": "string", + "description": "Value of the header." + }, + "append": { + "type": "boolean", + "description": "If true, it appends the value if there is already a value. Otherwise, value of existing header will be replaced." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Add", + "description": "Add defines operation of adding new HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header to remove." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Remove", + "description": "Remove defines operation of removing an HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host": { + "properties": { + "value": { + "type": "string", + "description": "Value replaces the host header with given value." + }, + "fromPath": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "FromPath replaces the host header from path using regex." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Host", + "description": "Host defines modification of the HTTP Host header" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path": { + "properties": { + "rewritePrefix": { + "type": "string", + "description": "RewritePrefix rewrites previously matched prefix in match section." + }, + "regex": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "Regex rewrites prefix using regex with substitution." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path defines modification of path of the HTTP request." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace": { + "properties": { + "pattern": { + "type": "string", + "description": "Pattern of the regex using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + }, + "substitution": { + "type": "string", + "description": "Substitution using regex groups. E.g. use \\\\1 as a first matched group." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Regex Replace", + "description": "RegexReplace defines a way to match string using regex and build a new one using substitution section." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer": { + "properties": { + "round_robin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin", + "additionalProperties": true + }, + "least_request": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest", + "additionalProperties": true + }, + "ring_hash": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash", + "additionalProperties": true + }, + "random": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random", + "additionalProperties": true + }, + "maglev": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Load Balancer", + "description": "LoadBalancer defines the load balancing policy and configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest": { + "properties": { + "choice_count": { + "type": "integer", + "description": "The number of random healthy hosts from which the host with the fewest active requests will be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Least Request", + "description": "LeastRequest uses different algorithms depending on whether hosts have the same or different weights." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev": { + "additionalProperties": true, + "type": "object", + "title": "Maglev", + "description": "Maglev implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random": { + "additionalProperties": true, + "type": "object", + "title": "Random", + "description": "Random selects a random available host." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash": { + "properties": { + "hash_function": { + "type": "string", + "description": "The hash function used to hash hosts onto the ketama ring. The value defaults to 'XX_HASH'." + }, + "min_ring_size": { + "type": "string", + "description": "Minimum hash ring size." + }, + "max_ring_size": { + "type": "string", + "description": "Maximum hash ring size." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Ring Hash", + "description": "RingHash implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin": { + "additionalProperties": true, + "type": "object", + "title": "Round Robin", + "description": "RoundRobin is a simple policy in which each available upstream host is selected in round robin order." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Split": { + "properties": { + "weight": { + "additionalProperties": true, + "type": "integer", + "description": "Weight assigned to that destination. Weights are not percentages. For example two destinations with weights the same weight \"1\" will receive both same amount of the traffic. 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Selector to match individual endpoints that comprise that destination. Notice that an endpoint can be either inside or outside the mesh. In the former case an endpoint corresponds to a data plane proxy, in the latter case an endpoint is an External Service." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Split", + "description": "Split defines a destination with a weight assigned to it." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/TrafficTrace.json b/app/assets/2.3.x/raw/protos/TrafficTrace.json new file mode 100644 index 000000000..d4f0859c5 --- /dev/null 
+++ b/app/assets/2.3.x/raw/protos/TrafficTrace.json @@ -0,0 +1,53 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficTrace", + "definitions": { + "TrafficTrace": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficTrace.Conf", + "additionalProperties": true, + "description": "Configuration of the tracing." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Trace", + "description": "TrafficTrace defines trace configuration for selected dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficTrace.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the tracing." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/Version.json b/app/assets/2.3.x/raw/protos/Version.json new file mode 100644 index 000000000..b7fbce902 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/Version.json 
@@ -0,0 +1,79 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Version", + "definitions": { + "Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of 
Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/VirtualOutbound.json b/app/assets/2.3.x/raw/protos/VirtualOutbound.json new file mode 100644 index 000000000..6f79a1ed5 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/VirtualOutbound.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/VirtualOutbound", + "definitions": { + "VirtualOutbound": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that this policy applies to" + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Outbound", + "description": "VirtualOutbound defines how to generate hostname ports combination." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf": { + "properties": { + "host": { + "type": "string", + "description": "Host the gotemplate to generate the hostname from the Parameters map" + }, + "port": { + "type": "string", + "description": "Port the gotemplate to generate the port from the Parameters map" + }, + "parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter" + }, + "type": "array", + "description": "Parameters a mapping between tag keys and template parameter key. This must always contain at least `kuma.io/service`" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter": { + "properties": { + "name": { + "type": "string", + "description": "Name the name of the template parameter (must be alphanumeric)." 
+ }, + "tag_key": { + "type": "string", + "description": "TagKey the name of the tag in the Kuma outbound (optional if absent it will use Name)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Template Parameter", + "description": "A mapping between a template parameter and a dataplane outbound tag name." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/XDSConfigRequest.json b/app/assets/2.3.x/raw/protos/XDSConfigRequest.json new file mode 100644 index 000000000..1ea4641e7 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/XDSConfigRequest.json @@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigRequest", + "definitions": { + "XDSConfigRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute config dump." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute config dump. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Request", + "description": "XDSConfigRequest is a request for XDS Config Dump that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/XDSConfigResponse.json b/app/assets/2.3.x/raw/protos/XDSConfigResponse.json new file mode 100644 index 000000000..d6d64774a --- /dev/null +++ b/app/assets/2.3.x/raw/protos/XDSConfigResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigResponse", + "definitions": { + "XDSConfigResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing XDS Config Dump." + }, + "config": { + "type": "string", + "description": "The XDS Config that is a successful result of XDS Config dump execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Response", + "description": "XDSConfigRequest is a response containing result of XDS Config Dump execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ZipkinTracingBackendConfig.json b/app/assets/2.3.x/raw/protos/ZipkinTracingBackendConfig.json new file mode 100644 index 000000000..ab2dd42ae --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ZipkinTracingBackendConfig.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZipkinTracingBackendConfig", + "definitions": { + "ZipkinTracingBackendConfig": { + "properties": { + "url": { + "type": "string", + "description": "Address of Zipkin collector." + }, + "traceId128bit": { + "type": "boolean", + "description": "Generate 128bit traces. Default: false" + }, + "apiVersion": { + "type": "string", + "description": "Version of the API. values: httpJson, httpJsonV1, httpProto. Default: httpJson see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/trace.proto#envoy-v3-api-enum-config-trace-v3-zipkinconfig-collectorendpointversion" + }, + "sharedSpanContext": { + "additionalProperties": true, + "type": "boolean", + "description": "Determines whether client and server spans will share the same span context. Default: true. https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/zipkin.proto#config-trace-v3-zipkinconfig" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zipkin Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ZoneEgress.json b/app/assets/2.3.x/raw/protos/ZoneEgress.json new file mode 100644 index 000000000..b154ca74f --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ZoneEgress.json 
@@ -0,0 +1,54 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgress", + "definitions": { + "ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ZoneEgressInsight.json b/app/assets/2.3.x/raw/protos/ZoneEgressInsight.json new file mode 100644 index 000000000..9a5e7643e --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ZoneEgressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressInsight", + "definitions": { + "ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ZoneEgressOverview.json b/app/assets/2.3.x/raw/protos/ZoneEgressOverview.json new file mode 100644 index 000000000..7e2fe5983 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ZoneEgressOverview.json 
@@ -0,0 +1,258 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressOverview", + "definitions": { + "ZoneEgressOverview": { + "properties": { + "zoneEgress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress", + "additionalProperties": true + }, + "zoneEgressInsight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Overview", + "description": "ZoneEgressOverview defines the projected state of a ZoneEgress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." 
+ }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ZoneIngress.json b/app/assets/2.3.x/raw/protos/ZoneIngress.json new file mode 100644 index 000000000..0d613e59b --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ZoneIngress.json 
@@ -0,0 +1,95 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngress", + "definitions": { + "ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ZoneIngressInsight.json b/app/assets/2.3.x/raw/protos/ZoneIngressInsight.json new file mode 100644 index 000000000..4c6d25999 --- /dev/null 
+++ b/app/assets/2.3.x/raw/protos/ZoneIngressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressInsight", + "definitions": { + "ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.3.x/raw/protos/ZoneIngressOverview.json b/app/assets/2.3.x/raw/protos/ZoneIngressOverview.json new file mode 100644 index 000000000..5cf6ef549 --- /dev/null +++ b/app/assets/2.3.x/raw/protos/ZoneIngressOverview.json 
@@ -0,0 +1,299 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressOverview", + "definitions": { + "ZoneIngressOverview": { + "properties": { + "zone_ingress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress", + "additionalProperties": true + }, + "zone_ingress_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Overview", + "description": "ZoneIngressOverview defines the projected state of a ZoneIngress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/crds/kuma.io_circuitbreakers.yaml b/app/assets/2.4.x/raw/crds/kuma.io_circuitbreakers.yaml new file mode 100644 index 000000000..8a0af998e --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_circuitbreakers.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: circuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: CircuitBreaker + listKind: CircuitBreakerList + plural: circuitbreakers + singular: circuitbreaker + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma CircuitBreaker resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_containerpatches.yaml b/app/assets/2.4.x/raw/crds/kuma.io_containerpatches.yaml new file mode 100644 index 000000000..5fbde85cf --- /dev/null 
+++ b/app/assets/2.4.x/raw/crds/kuma.io_containerpatches.yaml 
@@ -0,0 +1,109 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: containerpatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ContainerPatch + listKind: ContainerPatchList + plural: containerpatches + singular: containerpatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ContainerPatch stores a list of patches to apply to init and + sidecar containers. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + type: string + metadata: + type: object + spec: + description: ContainerPatchSpec specifies the options available for a + ContainerPatch + properties: + initPatch: + description: InitPatch specifies jsonpatch to apply to an init container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. 
String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + sidecarPatch: + description: SidecarPatch specifies jsonpatch to apply to a sidecar + container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_dataplaneinsights.yaml b/app/assets/2.4.x/raw/crds/kuma.io_dataplaneinsights.yaml new file mode 100644 index 000000000..79a541f21 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_dataplaneinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: dataplaneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + status: + description: Status is the status the Kuma resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_dataplanes.yaml b/app/assets/2.4.x/raw/crds/kuma.io_dataplanes.yaml new file mode 100644 index 000000000..1f0088638 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_dataplanes.yaml 
@@ -0,0 +1,64 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: dataplanes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Dataplane + listKind: DataplaneList + plural: dataplanes + singular: dataplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Service tag of the first inbound + jsonPath: .spec.networking.inbound[0].tags['kuma\.io/service'] + name: kuma.io/service + type: string + - description: Service tag of the second inbound + jsonPath: .spec.networking.inbound[1].tags['kuma\.io/service'] + name: kuma.io/service + type: string + - description: Service tag of the third inbound + jsonPath: .spec.networking.inbound[2].tags['kuma\.io/service'] + name: kuma.io/service + priority: 1 + type: string + - description: Service tag of the fourth inbound + jsonPath: .spec.networking.inbound[3].tags['kuma\.io/service'] + name: kuma.io/service + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. 
+ type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Dataplane resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_externalservices.yaml b/app/assets/2.4.x/raw/crds/kuma.io_externalservices.yaml new file mode 100644 index 000000000..02be62004 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_externalservices.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: externalservices.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ExternalService + listKind: ExternalServiceList + plural: externalservices + singular: externalservice + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ExternalService resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true 
diff --git a/app/assets/2.4.x/raw/crds/kuma.io_faultinjections.yaml b/app/assets/2.4.x/raw/crds/kuma.io_faultinjections.yaml new file mode 100644 index 000000000..5eeef6418 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_faultinjections.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: faultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: FaultInjection + listKind: FaultInjectionList + plural: faultinjections + singular: faultinjection + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma FaultInjection resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_healthchecks.yaml b/app/assets/2.4.x/raw/crds/kuma.io_healthchecks.yaml new file mode 100644 index 000000000..c138c08e7 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_healthchecks.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: healthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: HealthCheck + listKind: HealthCheckList + plural: healthchecks + singular: healthcheck + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma HealthCheck resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshaccesslogs.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshaccesslogs.yaml new file mode 100644 index 000000000..411c1bb2c --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshaccesslogs.yaml 
@@ -0,0 +1,391 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be + written to + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: Attributes can contain placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + body: + description: Body is a raw string or an OTLP any + value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: Endpoint of OpenTelemetry collector. + An empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be + written to + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. 
+ properties: + attributes: + description: Attributes can contain placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + body: + description: Body is a raw string or an OTLP any + value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: Endpoint of OpenTelemetry collector. + An empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshcircuitbreakers.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshcircuitbreakers.yaml new file mode 100644 index 000000000..ffae58e55 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshcircuitbreakers.yaml 
@@ -0,0 +1,662 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshcircuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshCircuitBreaker + listKind: MeshCircuitBreakerList + plural: meshcircuitbreakers + singular: meshcircuitbreaker + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker + resource. 
+ properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. 
+ properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. 
+ format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' + properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. 
Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. 
The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. 
+ format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. 
Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. 
+ format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' 
+ properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. 
+ format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. 
+ type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshes.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshes.yaml new file mode 100644 index 000000000..7e1848086 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshes.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Mesh + listKind: MeshList + plural: meshes + singular: mesh + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Mesh resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshfaultinjections.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshfaultinjections.yaml new file mode 100644 index 000000000..be0a3a7ca --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshfaultinjections.yaml 
@@ -0,0 +1,198 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshfaultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshFaultInjection + listKind: MeshFaultInjectionList + plural: meshfaultinjections + singular: meshfaultinjection + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshFaultInjection + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + http: + description: Http allows to define list of Http faults between + dataplanes. + items: + description: FaultInjection defines the configuration + of faults between dataplanes. 
+ properties: + abort: + description: Abort defines a configuration of not + delivering requests to destination service and replacing + the responses from destination dataplane by predefined + status code + properties: + httpStatus: + description: HTTP status code which will be returned + to source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which abort + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: Delay defines configuration of delaying + a response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which delay + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + value: + description: The duration during which the response + will be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: ResponseBandwidth defines a configuration + to limit the speed of responding to the requests + properties: + limit: + description: Limit is represented by value measure + in gbps, mbps, kbps or bps, e.g. 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which response + bandwidth limit will be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshgatewayconfigs.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshgatewayconfigs.yaml new file mode 100644 index 000000000..38c169939 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshgatewayconfigs.yaml 
@@ -0,0 +1,204 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgatewayconfigs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayConfig + listKind: MeshGatewayConfigList + plural: meshgatewayconfigs + singular: meshgatewayconfig + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayConfig holds the configuration of a MeshGateway. A + GatewayClass can refer to a MeshGatewayConfig via parametersRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayConfigSpec specifies the options available for + a Kuma MeshGateway. + properties: + crossMesh: + description: CrossMesh specifies whether listeners configured by this + gateway are cross mesh listeners. + type: boolean + podTemplate: + description: PodTemplate configures the Pod owned by this config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Pod. + properties: + container: + description: Container corresponds to PodSpec.Container + properties: + securityContext: + description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext + properties: + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem corresponds to + PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem + type: boolean + type: object + type: object + securityContext: + description: PodSecurityContext corresponds to PodSpec.SecurityContext + properties: + fsGroup: + description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName corresponds to PodSpec.ServiceAccountName. + type: string + type: object + type: object + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. 
+ type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies a set of Kuma tags that are included in + the MeshGatewayInstance and thus propagated to every Dataplane generated + to serve the MeshGateway. These tags should include a maximum of + one `kuma.io/service` tag. + type: object + type: object + status: + description: MeshGatewayConfigStatus holds information about the status + of the gateway instance. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshgatewayinstances.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshgatewayinstances.yaml new file mode 100644 index 000000000..b0056e5ad --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshgatewayinstances.yaml 
@@ -0,0 +1,331 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgatewayinstances.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayInstance + listKind: MeshGatewayInstanceList + plural: meshgatewayinstances + singular: meshgatewayinstance + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayInstance represents a managed instance of a dataplane + proxy for a Kuma Gateway. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayInstanceSpec specifies the options available for + a GatewayDataplane. + properties: + podTemplate: + description: PodTemplate configures the Pod owned by this config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Pod. 
+ properties: + container: + description: Container corresponds to PodSpec.Container + properties: + securityContext: + description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext + properties: + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem corresponds to + PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem + type: boolean + type: object + type: object + securityContext: + description: PodSecurityContext corresponds to PodSpec.SecurityContext + properties: + fsGroup: + description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName corresponds to PodSpec.ServiceAccountName. + type: string + type: object + type: object + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. 
+ type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies the Kuma tags that are propagated to the + managed dataplane proxies. These tags should include exactly one + `kuma.io/service` tag, and should match exactly one Gateway resource. + type: object + type: object + status: + description: MeshGatewayInstanceStatus holds information about the status + of the gateway instance. + properties: + conditions: + description: Conditions is an array of gateway instance conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, + if one is present. 
+ properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshgatewayroutes.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshgatewayroutes.yaml new file mode 100644 index 000000000..81ffb9b48 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshgatewayroutes.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshgateways.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshgateways.yaml new file mode 100644 index 000000000..76eba91ac --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshgateways.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgateways.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGateway + listKind: MeshGatewayList + plural: meshgateways + singular: meshgateway + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGateway resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshhealthchecks.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshhealthchecks.yaml new file mode 100644 index 000000000..f97352a7d --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshhealthchecks.yaml 
@@ -0,0 +1,312 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshhealthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHealthCheck + listKind: MeshHealthCheckList + plural: meshhealthchecks + singular: meshhealthcheck + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHealthCheck resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + alwaysLogHealthCheckFailures: + description: If set to true, health check failure events + will always be logged. If set to false, only the initial + health check failure event will be logged. The default + value is false. + type: boolean + eventLogPath: + description: Specifies the path to the file where Envoy + can log health check events. If empty, no event log will + be written. + type: string + failTrafficOnPanic: + description: If set to true, Envoy will not consider any + hosts when the cluster is in 'panic mode'. Instead, the + cluster will fail all requests as if all hosts are unhealthy. + This can help avoid potentially overwhelming a failing + service. + type: boolean + grpc: + description: GrpcHealthCheck defines gRPC configuration + which will instruct the service the health check will + be made for is a gRPC service. + properties: + authority: + description: The value of the :authority header in the + gRPC health check request, by default name of the + cluster this health check is associated with + type: string + disabled: + description: If true the GrpcHealthCheck is disabled + type: boolean + serviceName: + description: Service name parameter which will be sent + to gRPC service + type: string + type: object + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: Allows to configure panic threshold for Envoy + cluster. 
If not specified, the default is 50%. To disable + panic mode, set to 0%. Either int or decimal represented + as string. + x-kubernetes-int-or-string: true + healthyThreshold: + default: 1 + description: Number of consecutive healthy checks before + considering a host healthy. + format: int32 + type: integer + http: + description: HttpHealthCheck defines HTTP configuration + which will instruct the service the health check will + be made for is an HTTP service. + properties: + disabled: + description: If true the HttpHealthCheck is disabled + type: boolean + expectedStatuses: + description: List of HTTP response statuses which are + considered healthy + items: + format: int32 + type: integer + type: array + path: + default: / + description: The HTTP path which will be requested during + the health check (ie. /health) + type: string + requestHeadersToAdd: + description: The list of HTTP headers which should be + added to each health check request + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + initialJitter: + description: If specified, Envoy will start health checking + after a random time in ms between 0 and initialJitter. + This only applies to the first health check. + type: string + interval: + default: 1m + description: Interval between consecutive health checks. 
+ type: string + intervalJitter: + description: If specified, during every interval Envoy will + add IntervalJitter to the wait time. + type: string + intervalJitterPercent: + description: If specified, during every interval Envoy will + add IntervalJitter * IntervalJitterPercent / 100 to the + wait time. If IntervalJitter and IntervalJitterPercent + are both set, both of them will be used to increase the + wait time. + format: int32 + type: integer + noTrafficInterval: + description: The "no traffic interval" is a special health + check interval that is used when a cluster has never had + traffic routed to it. This lower interval allows cluster + information to be kept up to date, without sending a potentially + large amount of active health checking traffic for no + reason. Once a cluster has been used for traffic routing, + Envoy will shift back to using the standard health check + interval that is defined. Note that this interval takes + precedence over any other. The default value for "no traffic + interval" is 60 seconds. + type: string + reuseConnection: + description: Reuse health check connection between health + checks. Default is true. + type: boolean + tcp: + description: TcpHealthCheck defines configuration for specifying + bytes to send and expected response during the health + check + properties: + disabled: + description: If true the TcpHealthCheck is disabled + type: boolean + receive: + description: List of Base64 encoded blocks of strings + expected as a response. When checking the response, + "fuzzy" matching is performed such that each block + must be found, and in the order specified, but not + necessarily contiguous. If not provided or empty, + checks will be performed as "connect only" and be + marked as successful when TCP connection is successfully + established. 
+ items: + type: string + type: array + send: + description: Base64 encoded content of the message which + will be sent during the health check to the target + type: string + type: object + timeout: + default: 15s + description: Maximum time to wait for a health check response. + type: string + unhealthyThreshold: + default: 5 + description: Number of consecutive unhealthy checks before + considering a host unhealthy. + format: int32 + type: integer + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshhttproutes.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshhttproutes.yaml new file mode 100644 index 000000000..23e575e7e --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshhttproutes.yaml 
@@ -0,0 +1,513 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshhttproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHTTPRoute + listKind: MeshHTTPRouteList + plural: meshhttproutes + singular: meshhttproute + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHTTPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To matches destination services of requests and holds + configuration. + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward + traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + type: array + filters: + items: + properties: + requestHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestMirror: + properties: + backendRef: + description: TargetRef defines structure + that allows attaching policy to various + objects + properties: + kind: + description: Kind of the referenced + resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future + use to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced + resource. Can only be used with kinds: + `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset + of proxies by tags. Can only be used + with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests to mirror. + If not specified, all requests to the + target cluster will be mirrored. + x-kubernetes-int-or-string: true + required: + - backendRef + type: object + requestRedirect: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. 
+ This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. + \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines parameters used + to modify the path of the incoming request. + The modified path is then used to construct + the location header. When empty, the request + path is used as-is. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + port: + description: Port is the port to be used + in the value of the `Location` header + in the response. When empty, port (if + specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + description: StatusCode is the HTTP status + code to be used in response. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + type: object + responseHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestRedirect + - URLRewrite + - RequestMirror + type: string + urlRewrite: + properties: + hostname: + description: Hostname is the value to be + used to replace the host header value + during forwarding. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines a path rewrite. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + type: object + required: + - type + type: object + type: array + type: object + matches: + description: Matches describes how to match HTTP requests + this rule should be applied to. + items: + properties: + headers: + items: + description: HeaderMatch describes how to select + an HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP + Header to be matched. Name MUST be lower + case as they will be handled with case insensitivity + (See https://tools.ietf.org/html/rfc7230#section-3.2). 
+ maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + method: + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + properties: + type: + enum: + - Exact + - PathPrefix + - RegularExpression + type: string + value: + description: Exact or prefix matches must be + an absolute path. A prefix matches only if + separated by a slash or the entire path. + minLength: 1 + type: string + required: + - type + - value + type: object + queryParams: + description: QueryParams matches based on HTTP URL + query parameters. Multiple matches are ANDed together + such that all listed matches must succeed. + items: + properties: + name: + minLength: 1 + type: string + type: + enum: + - Exact + - RegularExpression + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + type: object + minItems: 1 + type: array + required: + - default + - matches + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of request destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshinsights.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshinsights.yaml new file mode 100644 index 000000000..f9c307168 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshInsight + listKind: MeshInsightList + plural: meshinsights + singular: meshinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml new file mode 100644 index 000000000..0edd941bc --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml 
@@ -0,0 +1,424 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshloadbalancingstrategies.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshLoadBalancingStrategy + listKind: MeshLoadBalancingStrategyList + plural: meshloadbalancingstrategies + singular: meshloadbalancingstrategy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshLoadBalancingStrategy + resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. 
+ type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + loadBalancer: + description: LoadBalancer allows to specify load balancing + algorithm. + properties: + leastRequest: + description: LeastRequest selects N random available + hosts as specified in 'choiceCount' (2 by default) + and picks the host which has the fewest active requests + properties: + choiceCount: + description: ChoiceCount is the number of random + healthy hosts from which the host with the fewest + active requests will be chosen. Defaults to 2 + so that Envoy performs two-choice selection if + the field is not set. + format: int32 + minimum: 2 + type: integer + type: object + maglev: + description: Maglev implements consistent hashing to + upstream hosts. Maglev can be used as a drop in replacement + for the ring hash load balancer any place in which + consistent hashing is desired. + properties: + hashPolicies: + description: HashPolicies specify a list of request/connection + properties that are used to calculate a hash. + These hash policies are executed in the specified + order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. 
+ type: boolean + type: object + cookie: + properties: + name: + description: The name of the cookie that + will be used to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for + the cookie. + type: string + ttl: + description: If specified, a cookie with + the TTL will be generated if the cookie + is not present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: The name of the Object in + the per-request filterState, which is + an Envoy::Hashable object. If there + is no data associated with the key, + or the stored object is not Envoy::Hashable, + no hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: The name of the request header + that will be used to obtain the hash + key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: The name of the URL query + parameter that will be used to obtain + the hash key. If the parameter is not + present, no hash will be produced. Query + parameter names are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: 'Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time + when the terminal policy works. If true, + and there is already a hash computed, ignore + rest of the list of hash polices.' + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + tableSize: + description: The table size for Maglev hashing. + Maglev aims for “minimal disruption” rather than + an absolute guarantee. 
Minimal disruption means + that when the set of upstream hosts change, a + connection will likely be sent to the same upstream + as it was before. Increasing the table size reduces + the amount of disruption. The table size must + be prime number limited to 5000011. If it is not + specified, the default is 65537. + format: int32 + maximum: 5000011 + minimum: 1 + type: integer + type: object + random: + description: Random selects a random available host. + The random load balancer generally performs better + than round-robin if no health checking policy is configured. + Random selection avoids bias towards the host in the + set that comes after a failed host. + type: object + ringHash: + description: RingHash implements consistent hashing + to upstream hosts. Each host is mapped onto a circle + (the “ring”) by hashing its address; each request + is then routed to a host by hashing some property + of the request, and finding the nearest corresponding + host clockwise around the ring. + properties: + hashFunction: + description: HashFunction is a function used to + hash hosts onto the ketama ring. The value defaults + to XX_HASH. Available values – XX_HASH, MURMUR_HASH_2. + enum: + - XXHash + - MurmurHash2 + type: string + hashPolicies: + description: HashPolicies specify a list of request/connection + properties that are used to calculate a hash. + These hash policies are executed in the specified + order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. + type: boolean + type: object + cookie: + properties: + name: + description: The name of the cookie that + will be used to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for + the cookie. 
+ type: string + ttl: + description: If specified, a cookie with + the TTL will be generated if the cookie + is not present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: The name of the Object in + the per-request filterState, which is + an Envoy::Hashable object. If there + is no data associated with the key, + or the stored object is not Envoy::Hashable, + no hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: The name of the request header + that will be used to obtain the hash + key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: The name of the URL query + parameter that will be used to obtain + the hash key. If the parameter is not + present, no hash will be produced. Query + parameter names are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: 'Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time + when the terminal policy works. If true, + and there is already a hash computed, ignore + rest of the list of hash polices.' + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + maxRingSize: + description: Maximum hash ring size. Defaults to + 8M entries, and limited to 8M entries, but can + be lowered to further constrain resource use. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + minRingSize: + description: Minimum hash ring size. The larger + the ring is (that is, the more hashes there are + for each provided host) the better the request + distribution will reflect the desired weights. 
+ Defaults to 1024 entries, and limited to 8M entries. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + type: object + roundRobin: + description: RoundRobin is a load balancing algorithm + that distributes requests across available upstream + hosts in round-robin order. + type: object + type: + enum: + - RoundRobin + - LeastRequest + - RingHash + - Random + - Maglev + type: string + required: + - type + type: object + localityAwareness: + description: LocalityAwareness contains configuration for + locality aware load balancing. + properties: + disabled: + description: Disabled allows to disable locality-aware + load balancing. When disabled requests are distributed + across all endpoints regardless of locality. + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshproxypatches.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshproxypatches.yaml new file mode 100644 index 000000000..42b4cd47c --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshproxypatches.yaml 
@@ -0,0 +1,512 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshproxypatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshProxyPatch + listKind: MeshProxyPatchList + plural: meshproxypatches + singular: meshproxypatch + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshProxyPatch resource. + properties: + default: + description: Default is a configuration specific to the group of destinations + referenced in 'targetRef'. + properties: + appendModifications: + description: AppendModifications is a list of modifications applied + on the selected proxy. + items: + properties: + cluster: + description: Cluster is a modification of Envoy's Cluster + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's Cluster resource + items: + description: JsonPatchBlock is one json patch operation + block. 
+ properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the cluster to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched cluster. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + httpFilter: + description: HTTPFilter is a modification of Envoy HTTP + Filter available in HTTP Connection Manager in a Listener + resource. 
+ properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's HTTP Filter available in HTTP + Connection Manager in a Listener resource. + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the HTTP filter. For example + "envoy.filters.http.local_ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. 
For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + listener: + description: Listener is a modification of Envoy's Listener + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's Listener resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the listener to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. 
+ egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + tags: + additionalProperties: + type: string + description: Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + networkFilter: + description: NetworkFilter is a modification of Envoy Listener's + filter. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy Listener's filter. + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the network filter. 
For example + "envoy.filters.network.ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + virtualHost: + description: VirtualHost is a modification of Envoy's VirtualHost + referenced in HTTP Connection Manager in a Listener resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's VirtualHost resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. 
+ x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + routeConfigurationName: + description: Name of the RouteConfiguration resource + to match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + required: + - appendModifications + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - default + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshratelimits.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshratelimits.yaml new file mode 100644 index 000000000..abfd51f34 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshratelimits.yaml 
@@ -0,0 +1,236 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRateLimit + listKind: MeshRateLimitList + plural: meshratelimits + singular: meshratelimit + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. 
+ properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + local: + description: LocalConf defines local http or/and tcp rate + limit configuration + properties: + http: + description: LocalHTTP defines confguration of local + HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. + type: boolean + onRateLimit: + description: Describes the actions to take on a + rate limit event + properties: + headers: + description: The Headers to be added to the + HTTP response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: The HTTP status code to be set + on a rate limit event + format: int32 + type: integer + type: object + requestRate: + description: Defines how many requests are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: LocalTCP defines confguration of local + TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: Defines how many connections are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: 'Define if rate limiting should be + disabled. Default: false' + type: boolean + type: object + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshretries.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshretries.yaml new file mode 100644 index 000000000..d724395a3 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshretries.yaml 
@@ -0,0 +1,406 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshretries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRetry + listKind: MeshRetryList + plural: meshretries + singular: meshretry + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + grpc: + description: GRPC defines a configuration of retries for + GRPC traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries. + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests. + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. 
+ type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [Canceled, + DeadlineExceeded, Internal, ResourceExhausted, Unavailable].' + items: + type: string + type: array + type: object + http: + description: HTTP defines a configuration of retries for + HTTP traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + hostSelection: + description: HostSelection is a list of predicates that + dictate how hosts should be selected when requests + are retried. + items: + properties: + predicate: + description: Type is requested predicate mode. + Available values are OmitPreviousHosts, OmitHostsWithTags, + and OmitPreviousPriorities. 
+ type: string + tags: + additionalProperties: + type: string + description: Tags is a map of metadata to match + against for selecting the omitted hosts. Required + if Type is OmitHostsWithTags + type: object + updateFrequency: + description: UpdateFrequency is how often the + priority load should be updated based on previously + attempted priorities. Used for OmitPreviousPriorities. + Default is 2 if not set. + format: int32 + type: integer + required: + - predicate + type: object + type: array + hostSelectionMaxAttempts: + description: HostSelectionMaxAttempts is the maximum + number of times host selection will be reattempted + before giving up, at which point the host that was + last selected will be routed to. If unspecified, this + will default to retrying once. + format: int64 + type: integer + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. + type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. 
+ enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: RetriableRequestHeaders is an HTTP headers + which must be present in the request for retries to + be attempted. + items: + description: HeaderMatch describes how to select an + HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + retriableResponseHeaders: + description: RetriableResponseHeaders is an HTTP response + headers that trigger a retry if present in the response. + A retry will be triggered if any of the header matches + match the upstream response headers. + items: + description: HeaderMatch describes how to select an + HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. 
+ enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [5XX, GatewayError, + Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, + RefusedStream, Http3PostConnectFailure, HttpMethodConnect, + HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions, + HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + Also, any HTTP status code (500, 503, etc).' + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for + TCP traffic + properties: + maxConnectAttempt: + description: MaxConnectAttempt is a maximal amount of + TCP connection attempts which will be made before + giving up + format: int32 + type: integer + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} 
diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshtcproutes.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshtcproutes.yaml new file mode 100644 index 000000000..1bc3081aa --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshtcproutes.yaml 
@@ -0,0 +1,176 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtcproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTCPRoute + listKind: MeshTCPRouteList + plural: meshtcproutes + singular: meshtcproute + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTCPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward + traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + minItems: 1 + type: array + required: + - backendRefs + type: object + required: + - default + type: object + maxItems: 1 + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + minItems: 1 + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshtimeouts.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshtimeouts.yaml new file mode 100644 index 000000000..c55e957a8 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshtimeouts.yaml 
@@ -0,0 +1,253 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtimeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTimeout + listKind: MeshTimeoutList + plural: meshtimeouts + singular: meshtimeout + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. 
+ type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. 
Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshtraces.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshtraces.yaml new file mode 100644 index 000000000..0e8b08c9d --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshtraces.yaml 
@@ -0,0 +1,229 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrace + listKind: MeshTraceList + plural: meshtraces + singular: meshtrace + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrace resource. + properties: + default: + description: MeshTrace configuration. + properties: + backends: + description: A one element array of backend definition. Envoy + allows configuring only 1 backend, so the natural way of representing + that would be just one object. Unfortunately due to the reasons + explained in MADR 009-tracing-policy this has to be a one element + array for now. + items: + description: Only one of zipkin, datadog or openTelemetry can + be used. + properties: + datadog: + description: Datadog backend configuration. 
+ properties: + splitService: + description: 'Determines if datadog service name should + be split based on traffic direction and destination. + For example, with `splitService: true` and a `backend` + service that communicates with a couple of databases, + you would get service names like `backend_INBOUND`, + `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` + in Datadog. Default: false' + type: boolean + url: + description: Address of Datadog collector, only host + and port are allowed (no paths, fragments etc.) + type: string + required: + - url + type: object + openTelemetry: + description: OpenTelemetry backend configuration. + properties: + endpoint: + description: Address of OpenTelemetry collector. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + type: + enum: + - Zipkin + - Datadog + - OpenTelemetry + type: string + zipkin: + description: Zipkin backend configuration. + properties: + apiVersion: + default: httpJson + description: 'Version of the API. values: httpJson, + httpProto. Default: httpJson see https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66' + enum: + - httpJson + - httpProto + type: string + sharedSpanContext: + description: 'Determines whether client and server spans + will share the same span context. Default: true. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63' + type: boolean + traceId128bit: + description: 'Generate 128bit traces. Default: false' + type: boolean + url: + description: Address of Zipkin collector. + type: string + required: + - url + type: object + required: + - type + type: object + type: array + sampling: + description: Sampling configuration. Sampling is the process by + which a decision is made on whether to process/export a span + or not. 
+ properties: + client: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests that will be force + traced if the ''x-client-trace-id'' header is set. Default: + 100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + overall: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests will be traced + after all other sampling checks have been applied (client, + force tracing, random sampling). This field functions as + an upper limit on the total configured sampling rate. For + instance, setting client_sampling to 100% but overall_sampling + to 1% will result in only 1% of client requests with the + appropriate headers to be force traced. Default: 100% Mirror + of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + random: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests that will be randomly + selected for trace generation, if not requested by the client + or not forced. Default: 100% Mirror of random_sampling in + Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + tags: + description: Custom tags configuration. You can add custom tags + to traces based on headers or literal values. + items: + description: Custom tags configuration. Only one of literal + or header can be used. + properties: + header: + description: Tag taken from a header. 
+ properties: + default: + description: Default value to use if header is missing. + If the default is missing and there is no value the + tag will not be included. + type: string + name: + description: Name of the header. + type: string + required: + - name + type: object + literal: + description: Tag taken from literal value. + type: string + name: + description: Name of the tag. + type: string + required: + - name + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_meshtrafficpermissions.yaml b/app/assets/2.4.x/raw/crds/kuma.io_meshtrafficpermissions.yaml new file mode 100644 index 000000000..3ab56942e --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_meshtrafficpermissions.yaml 
@@ -0,0 +1,134 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtrafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrafficPermission + listKind: MeshTrafficPermissionList + plural: meshtrafficpermissions + singular: meshtrafficpermission + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrafficPermission + resource. 
+ properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + action: + description: 'Action defines a behavior for the specified + group of clients:' + enum: + - Allow + - Deny + - AllowWithShadowDeny + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.4.x/raw/crds/kuma.io_proxytemplates.yaml b/app/assets/2.4.x/raw/crds/kuma.io_proxytemplates.yaml new file mode 100644 index 000000000..111d4450f --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_proxytemplates.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: proxytemplates.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ProxyTemplate + listKind: ProxyTemplateList + plural: proxytemplates + singular: proxytemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ProxyTemplate resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_ratelimits.yaml b/app/assets/2.4.x/raw/crds/kuma.io_ratelimits.yaml new file mode 100644 index 000000000..cc6fa13fa --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_ratelimits.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: ratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: RateLimit + listKind: RateLimitList + plural: ratelimits + singular: ratelimit + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma RateLimit resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_retries.yaml b/app/assets/2.4.x/raw/crds/kuma.io_retries.yaml new file mode 100644 index 000000000..865df1b2f --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_retries.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: retries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Retry + listKind: RetryList + plural: retries + singular: retry + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Retry resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_serviceinsights.yaml b/app/assets/2.4.x/raw/crds/kuma.io_serviceinsights.yaml new file mode 100644 index 000000000..135eaedda --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_serviceinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: serviceinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ServiceInsight + listKind: ServiceInsightList + plural: serviceinsights + singular: serviceinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ServiceInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_timeouts.yaml b/app/assets/2.4.x/raw/crds/kuma.io_timeouts.yaml new file mode 100644 index 000000000..b2f8b3d60 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_timeouts.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: timeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Timeout + listKind: TimeoutList + plural: timeouts + singular: timeout + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Timeout resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_trafficlogs.yaml b/app/assets/2.4.x/raw/crds/kuma.io_trafficlogs.yaml new file mode 100644 index 000000000..c74f9a90f --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_trafficlogs.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: trafficlogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficLog + listKind: TrafficLogList + plural: trafficlogs + singular: trafficlog + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficLog resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_trafficpermissions.yaml b/app/assets/2.4.x/raw/crds/kuma.io_trafficpermissions.yaml new file mode 100644 index 000000000..b9469c8c9 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_trafficpermissions.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: trafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_trafficroutes.yaml b/app/assets/2.4.x/raw/crds/kuma.io_trafficroutes.yaml new file mode 100644 index 000000000..1e3158363 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_trafficroutes.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: trafficroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficRoute + listKind: TrafficRouteList + plural: trafficroutes + singular: trafficroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_traffictraces.yaml b/app/assets/2.4.x/raw/crds/kuma.io_traffictraces.yaml new file mode 100644 index 000000000..f85ababd9 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_traffictraces.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: traffictraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficTrace + listKind: TrafficTraceList + plural: traffictraces + singular: traffictrace + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficTrace resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_virtualoutbounds.yaml b/app/assets/2.4.x/raw/crds/kuma.io_virtualoutbounds.yaml new file mode 100644 index 000000000..a5fe905e0 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_virtualoutbounds.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: virtualoutbounds.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: VirtualOutbound + listKind: VirtualOutboundList + plural: virtualoutbounds + singular: virtualoutbound + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma VirtualOutbound resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_zoneegresses.yaml b/app/assets/2.4.x/raw/crds/kuma.io_zoneegresses.yaml new file mode 100644 index 000000000..b202d0fb8 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_zoneegresses.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneegresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgress + listKind: ZoneEgressList + plural: zoneegresses + singular: zoneegress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_zoneegressinsights.yaml b/app/assets/2.4.x/raw/crds/kuma.io_zoneegressinsights.yaml new file mode 100644 index 000000000..50c7f6864 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_zoneegressinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneegressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgressInsight + listKind: ZoneEgressInsightList + plural: zoneegressinsights + singular: zoneegressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgressInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_zoneingresses.yaml b/app/assets/2.4.x/raw/crds/kuma.io_zoneingresses.yaml new file mode 100644 index 000000000..0754071e2 --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_zoneingresses.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneingresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngress + listKind: ZoneIngressList + plural: zoneingresses + singular: zoneingress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_zoneingressinsights.yaml b/app/assets/2.4.x/raw/crds/kuma.io_zoneingressinsights.yaml new file mode 100644 index 000000000..87d2c06ab --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_zoneingressinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneingressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngressInsight + listKind: ZoneIngressInsightList + plural: zoneingressinsights + singular: zoneingressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngressInsight + resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_zoneinsights.yaml b/app/assets/2.4.x/raw/crds/kuma.io_zoneinsights.yaml new file mode 100644 index 000000000..fa149598a --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_zoneinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneInsight + listKind: ZoneInsightList + plural: zoneinsights + singular: zoneinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/crds/kuma.io_zones.yaml b/app/assets/2.4.x/raw/crds/kuma.io_zones.yaml new file mode 100644 index 000000000..bcd73a05b --- /dev/null +++ b/app/assets/2.4.x/raw/crds/kuma.io_zones.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zones.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Zone + listKind: ZoneList + plural: zones + singular: zone + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Zone resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.4.x/raw/helm-values.yaml b/app/assets/2.4.x/raw/helm-values.yaml new file mode 100644 index 000000000..722a16b9f --- /dev/null +++ b/app/assets/2.4.x/raw/helm-values.yaml 
@@ -0,0 +1,717 @@ +global: + image: + # -- Default registry for all Kuma Images + registry: "docker.io/kumahq" + # -- The default tag for all Kuma images, which itself defaults to .Chart.AppVersion + tag: + # -- Add `imagePullSecrets` to all the service accounts used for Kuma components + imagePullSecrets: [] + +# -- Whether to patch the target namespace with the system label +patchSystemNamespace: true + +installCrdsOnUpgrade: + # -- Whether install new CRDs before upgrade (if any were introduced with the new version of Kuma) + enabled: true + # -- The `imagePullSecrets` to attach to the Service Account running CRD installation. + # This field will be deprecated in a future release, please use .global.imagePullSecrets + imagePullSecrets: [] + +# -- Whether to disable all helm hooks +noHelmHooks: false + +controlPlane: + # -- Environment that control plane is run in, useful when running universal global control plane on k8s + environment: "kubernetes" + + # -- Labels to add to resources in addition to default labels + extraLabels: {} + + # -- Kuma CP log level: one of off,info,debug + logLevel: "info" + + # -- Kuma CP log output path: Defaults to /dev/stdout + logOutputPath: "" + + # -- Kuma CP modes: one of standalone,zone,global + mode: "standalone" + + # -- (string) Kuma CP zone, if running multizone + zone: + + # -- Only used in `zone` mode + kdsGlobalAddress: "" + + # -- Number of replicas of the Kuma CP. 
Ignored when autoscaling is enabled + replicas: 1 + + # -- Control Plane Pod Annotations + podAnnotations: {} + + # Horizontal Pod Autoscaling configuration + autoscaling: + # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster + enabled: false + + # -- The minimum CP pods to allow + minReplicas: 2 + # -- The max CP pods to scale to + maxReplicas: 5 + + # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used + targetCPUUtilizationPercentage: 80 + # -- For clusters that do support autoscaling/v2, use metrics + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + + # -- Node selector for the Kuma Control Plane pods + nodeSelector: + kubernetes.io/os: linux + + # -- Tolerations for the Kuma Control Plane pods + tolerations: [] + + podDisruptionBudget: + # -- Whether to create a pod disruption budget + enabled: false + # -- The maximum number of unavailable pods allowed by the budget + maxUnavailable: 1 + + # -- Affinity placement rule for the Kuma Control Plane pods. + # This is rendered as a template, so you can reference other helm variables or includes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + # These match the selector labels used on the deployment. + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - '{{ include "kuma.name" . }}' + - key: app.kubernetes.io/instance + operator: In + values: + - '{{ .Release.Name }}' + - key: app + operator: In + values: + - '{{ include "kuma.name" . }}-control-plane' + topologyKey: kubernetes.io/hostname + + # -- Topology spread constraints rule for the Kuma Control Plane pods. + # This is rendered as a template, so you can use variables to generate match labels. 
+ topologySpreadConstraints: + + # -- Failure policy of the mutating webhook implemented by the Kuma Injector component + injectorFailurePolicy: Fail + + service: + apiServer: + http: + # -- Port on which Http api server Service is exposed on Node for service of type NodePort + nodePort: 30681 + https: + # -- Port on which Https api server Service is exposed on Node for service of type NodePort + nodePort: 30682 + + # -- Whether to create a service resource. + enabled: true + + # -- (string) Optionally override of the Kuma Control Plane Service's name + name: + + # -- Service type of the Kuma Control Plane + type: ClusterIP + + # -- Additional annotations to put on the Kuma Control Plane + annotations: { } + + # Kuma API and GUI ingress settings. Useful if you want to expose the + # API and GUI of Kuma outside the k8s cluster. + ingress: + # -- Install K8s Ingress resource that exposes GUI and API + enabled: false + # -- IngressClass defines which controller will implement the resource + ingressClassName: + # -- Ingress hostname + hostname: + # -- Map of ingress annotations. + annotations: {} + # -- Ingress path. + path: / + # -- Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) + pathType: ImplementationSpecific + + globalZoneSyncService: + # -- Whether to create a k8s service for the global zone sync + # service. It will only be created when enabled and deploying the global + # control plane. 
+ enabled: true + # -- Service type of the Global-zone sync + type: LoadBalancer + # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer + loadBalancerIP: + # -- Additional annotations to put on the Global Zone Sync Service + annotations: { } + # -- Port on which Global Zone Sync Service is exposed on Node for service of type NodePort + nodePort: 30685 + # -- Port on which Global Zone Sync Service is exposed + port: 5685 + # -- Protocol of the Global Zone Sync service port + protocol: grpc + + defaults: + # -- Whether to skip creating the default Mesh + skipMeshCreation: false + + # -- Whether to automountServiceAccountToken for cp. Optionally set to false + automountServiceAccountToken: true + + # -- Optionally override the resource spec + resources: + requests: + cpu: 500m + memory: 256Mi + limits: + memory: 256Mi + + # -- Pod lifecycle settings (useful for adding a preStop hook, when + # using AWS ALB or NLB) + lifecycle: {} + + # -- Number of seconds to wait before force killing the pod. Make sure to + # update this if you add a preStop hook. 
+ terminationGracePeriodSeconds: 30 + + # TLS for various servers + tls: + general: + # -- Secret that contains tls.crt, tls.key [and ca.crt when no + # controlPlane.tls.general.caSecretName specified] for protecting + # Kuma in-cluster communication + secretName: "" + # -- Secret that contains ca.crt that was used to sign cert for protecting + # Kuma in-cluster communication (ca.crt present in this secret + # have precedence over the one provided in the controlPlane.tls.general.secretName) + caSecretName: "" + # -- Base64 encoded CA certificate (the same as in controlPlane.tls.general.secret#ca.crt) + caBundle: "" + apiServer: + # -- Secret that contains tls.crt, tls.key for protecting Kuma API on HTTPS + secretName: "" + # -- Secret that contains list of .pem certificates that can access admin endpoints of Kuma API on HTTPS + clientCertsSecretName: "" + # - if not creating the global control plane, then do nothing + # - if secretName is empty and create is false, then do nothing + # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName + # - if secretName is empty and create is true, then create a secret with a default name and use it + # - if secretName is non-empty and create is true, then create the secret using the provided name + kdsGlobalServer: + # -- Name of the K8s TLS Secret resource. If you set this and don't set + # create=true, you have to create the secret manually. + secretName: "" + # -- Whether to create the TLS secret in helm. + create: false + # -- The TLS certificate to offer. + cert: "" + # -- The TLS key to use. 
+ key: "" + # - if not creating the zonal control plane, then do nothing + # - if secretName is empty and create is false, then do nothing + # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName + # - if secretName is empty and create is true, then create a secret with a default name and use it + # - if secretName is non-empty and create is true, then create the secret using the provided name + kdsZoneClient: + # -- Name of the K8s Secret resource that contains ca.crt which was + # used to sign the certificate of KDS Global Server. If you set this + # and don't set create=true, you have to create the secret manually. + secretName: "" + # -- Whether to create the TLS secret in helm. + create: false + # -- CA bundle that was used to sign the certificate of KDS Global Server. + cert: "" + # -- If true, TLS cert of the server is not verified. + skipVerify: false + + image: + # -- Kuma CP ImagePullPolicy + pullPolicy: IfNotPresent + # -- Kuma CP image repository + repository: "kuma-cp" + # -- Kuma CP Image tag. 
When not specified, the value is copied from global.tag + tag: + + # -- (object with { Env: string, Secret: string, Key: string }) Secrets to add as environment variables, + # where `Env` is the name of the env variable, + # `Secret` is the name of the Secret, + # and `Key` is the key of the Secret value to use + secrets: + # someSecret: + # Secret: some-secret + # Key: secret_key + # Env: SOME_SECRET + + # -- Additional environment variables that will be passed to the control plane + envVars: { } + + # -- Additional config maps to mount into the control plane, with optional inline values + extraConfigMaps: [ ] +# - name: extra-config +# mountPath: /etc/extra-config +# readOnly: true +# values: +# extra-config-key: | +# extra-config-value + + # -- (object with { name: string, mountPath: string, readOnly: string }) Additional secrets to mount into the control plane, + # where `Env` is the name of the env variable, + # `Secret` is the name of the Secret, + # and `Key` is the key of the Secret value to use + extraSecrets: + # extraConfig: + # name: extra-config + # mountPath: /etc/extra-config + # readOnly: true + + webhooks: + validator: + # -- Additional rules to apply on Kuma validator webhook. Useful when building custom policy on top of Kuma. + additionalRules: "" + ownerReference: + # -- Additional rules to apply on Kuma owner reference webhook. Useful when building custom policy on top of Kuma. + additionalRules: "" + + # -- Specifies if the deployment should be started in hostNetwork mode. + hostNetwork: false + # -- Define a new server port for the admission controller. Recommended to set in combination with + # hostNetwork to prevent multiple port bindings on the same port (like Calico in AWS EKS). + admissionServerPort: 5443 + + # -- Security context at the pod level for control plane. + podSecurityContext: + runAsNonRoot: true + + # -- Security context at the container level for control plane. 
+ containerSecurityContext: + readOnlyRootFilesystem: true + +cni: + # -- Install Kuma with CNI instead of proxy init container + enabled: false + # -- Install CNI in chained mode + chained: false + # -- Set the CNI install directory + netDir: /etc/cni/multus/net.d + # -- Set the CNI bin directory + binDir: /var/lib/cni/bin + # -- Set the CNI configuration name + confName: kuma-cni.conf + # -- CNI log level: one of off,info,debug + logLevel: info + # -- Node Selector for the CNI pods + nodeSelector: + kubernetes.io/os: linux + # -- Tolerations for the CNI pods + tolerations: [] + # -- Additional pod annotations + podAnnotations: { } + # -- Set the CNI namespace + namespace: kube-system + + image: + # -- CNI image repository + repository: "kuma-cni" + # -- CNI image tag - defaults to .Chart.AppVersion + tag: + # -- CNI image pull policy + imagePullPolicy: IfNotPresent + + # -- it's only useful in tests to trigger a possible race condition + delayStartupSeconds: 0 + + # -- use new CNI (experimental) + experimental: + imageEbpf: + # -- CNI experimental eBPF image registry + registry: "docker.io/kumahq" + # -- CNI experimental eBPF image repository + repository: "merbridge" + # -- CNI experimental eBPF image tag + tag: "0.8.5" + + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + memory: 100Mi + + # -- Security context at the pod level for cni + podSecurityContext: {} + + # -- Security context at the container level for cni + containerSecurityContext: + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 0 + +dataPlane: + image: + # -- The Kuma DP image repository + repository: "kuma-dp" + # -- Kuma DP ImagePullPolicy + pullPolicy: IfNotPresent + # -- Kuma DP Image Tag. 
When not specified, the value is copied from global.tag + tag: + + initImage: + # -- The Kuma DP init image repository + repository: "kuma-init" + # -- Kuma DP init image tag When not specified, the value is copied from global.tag + tag: + +ingress: + # -- If true, it deploys Ingress for cross cluster communication + enabled: false + + # -- Labels to add to resources, in addition to default labels + extraLabels: {} + + # -- Time for which old listener will still be active as draining + drainTime: 30s + + # -- Number of replicas of the Ingress. Ignored when autoscaling is enabled. + replicas: 1 + + # -- Define the resources to allocate to mesh ingress + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 1000m + memory: 512Mi + + # -- Pod lifecycle settings (useful for adding a preStop hook, when + # using AWS ALB or NLB) + lifecycle: {} + + # -- Number of seconds to wait before force killing the pod. Make sure to + # update this if you add a preStop hook. + terminationGracePeriodSeconds: 40 + + # Horizontal Pod Autoscaling configuration + autoscaling: + # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster + enabled: false + + # -- The minimum CP pods to allow + minReplicas: 2 + # -- The max CP pods to scale to + maxReplicas: 5 + + # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used + targetCPUUtilizationPercentage: 80 + # -- For clusters that do support autoscaling/v2, use metrics + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + + service: + # -- Whether to create a Service resource. 
+ enabled: true + # -- Service type of the Ingress + type: LoadBalancer + # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer + loadBalancerIP: + # -- Additional annotations to put on the Ingress service + annotations: { } + # -- Port on which Ingress is exposed + port: 10001 + # -- Port on which service is exposed on Node for service of type NodePort + nodePort: + # -- Additional pod annotations (deprecated favor `podAnnotations`) + annotations: { } + # -- Additional pod annotations + podAnnotations: { } + # -- Node Selector for the Ingress pods + nodeSelector: + kubernetes.io/os: linux + # -- Tolerations for the Ingress pods + tolerations: [] + podDisruptionBudget: + # -- Whether to create a pod disruption budget + enabled: false + # -- The maximum number of unavailable pods allowed by the budget + maxUnavailable: 1 + + # -- Affinity placement rule for the Kuma Ingress pods + # This is rendered as a template, so you can reference other helm variables + # or includes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + # These match the selector labels used on the deployment. + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - '{{ include "kuma.name" . }}' + - key: app.kubernetes.io/instance + operator: In + values: + - '{{ .Release.Name }}' + - key: app + operator: In + values: + - kuma-ingress + topologyKey: kubernetes.io/hostname + + # -- Topology spread constraints rule for the Kuma Mesh Ingress pods. + # This is rendered as a template, so you can use variables to generate match labels. 
+ topologySpreadConstraints:
+
+ # -- Security context at the pod level for ingress
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 5678
+ runAsGroup: 5678
+
+ # -- Security context at the container level for ingress
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+egress:
+ # -- If true, it deploys Egress for cross cluster communication
+ enabled: false
+ # -- Labels to add to resources, in addition to the default labels.
+ extraLabels: {}
+ # -- Time for which old listener will still be active as draining
+ drainTime: 30s
+ # -- Number of replicas of the Egress. Ignored when autoscaling is enabled.
+ replicas: 1
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+
+ service:
+ # -- Whether to create the service object
+ enabled: true
+ # -- Service type of the Egress
+ type: ClusterIP
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Additional annotations to put on the Egress service
+ annotations: { }
+ # -- Port on which Egress is exposed
+ port: 10002
+ # -- Port on which service is exposed on Node for service of type NodePort
+ nodePort:
+ # -- Additional pod annotations (deprecated favor `podAnnotations`)
+ annotations: { }
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Node Selector for the Egress pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the Egress pods
+ tolerations: []
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Egress pods.
+ # This is rendered as a template, so you can reference other helm variables or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - kuma-egress
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Egress pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Security context at the pod level for egress
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 5678
+ runAsGroup: 5678
+
+ # -- Security context at the container level for egress
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+kumactl:
+ image:
+ # -- The kumactl image repository
+ repository: kumactl
+ # -- The kumactl image tag. When not specified, the value is copied from global.tag
+ tag:
+
+kubectl:
+ # kuma image that support v1.20.15 image */ } }
+ # see: https://hub.docker.com/r/kumahq/kubectl */ } }
+ image:
+ # -- The kubectl image registry
+ registry: kumahq
+ # -- The kubectl image repository
+ repository: kubectl
+ # -- The kubectl image tag
+ tag: "v1.20.15"
+hooks:
+ # -- Node selector for the HELM hooks
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the HELM hooks
+ tolerations: []
+ # -- Security context at the pod level for crd/webhook/ns
+ podSecurityContext:
+ runAsNonRoot: true
+
+ # -- Security context at the container level for crd/webhook/ns
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+ # -- ebpf-cleanup hook needs write access to the root filesystem to clean ebpf programs
+ # Changing below values will potentially break ebpf cleanup completely,
+ # so be cautious when doing so.
+ ebpfCleanup:
+ # -- Security context at the pod level for crd/webhook/cleanup-ebpf
+ podSecurityContext:
+ runAsNonRoot: false
+ # -- Security context at the container level for crd/webhook/cleanup-ebpf
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+
+experimental:
+ # -- If true, it installs experimental Gateway API support
+ gatewayAPI: false
+ # Configuration for the experimental ebpf mode for transparent proxy
+ ebpf:
+ # -- If true, ebpf will be used instead of using iptables to install/configure transparent proxy
+ enabled: false
+ # -- Name of the environmental variable which will contain the IP address of a pod
+ instanceIPEnvVarName: INSTANCE_IP
+ # -- Path where BPF file system should be mounted
+ bpffsPath: /sys/fs/bpf
+ # -- Host's cgroup2 path
+ cgroupPath: /sys/fs/cgroup
+ # -- Name of the network interface which TC programs should be attached to, we'll try to automatically determine it if empty
+ tcAttachIface: ""
+ # -- Path where compiled eBPF programs which will be installed can be found
+ programsSourcePath: /kuma/ebpf
+ # -- If true, it uses new API for resource synchronization
+ deltaKds: false
+
+legacy:
+ # -- If true, use the legacy transparent proxy engine
+ transparentProxy: false
+ cni:
+ # -- If true, it installs legacy version of the CNI
+ enabled: false
+ image:
+ # -- CNI v1 image registry
+ registry: "docker.io/kumahq"
+ # -- CNI v1 image repository
+ repository: "install-cni"
+ # -- CNI v1 image tag
+ tag: "0.0.10"
+
+# Postgres' settings for universal control plane on k8s
+postgres:
+ # -- Postgres port, password should be provided as a secret reference in "controlPlane.secrets"
+ # with the Env value "KUMA_STORE_POSTGRES_PASSWORD".
+ # Example:
+ # controlPlane:
+ # secrets:
+ # - Secret: postgres-postgresql
+ # Key: postgresql-password
+ # Env: KUMA_STORE_POSTGRES_PASSWORD
+ port: "5432"
+ # TLS settings
+ tls:
+ # -- Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull"
+ mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE
+ # -- Whether to disable SNI the postgres `sslsni` option.
+ disableSSLSNI: false # ENV: KUMA_STORE_POSTGRES_TLS_DISABLE_SSLSNI
+ # -- Secret name that contains the ca.crt
+ caSecretName:
+ # -- Secret name that contains the client tls.crt, tls.key
+ secretName:
+
+# @ignored for helm-docs
+plugins:
+ policies:
+ meshaccesslogs: {}
+ meshcircuitbreakers: {}
+ meshfaultinjections: {}
+ meshhealthchecks: {}
+ meshhttproutes: {}
+ meshloadbalancingstrategies: {}
+ meshproxypatches: {}
+ meshratelimits: {}
+ meshretries: {}
+ meshtcproutes: {}
+ meshtimeouts: {}
+ meshtraces: {}
+ meshtrafficpermissions: {}
diff --git a/app/assets/2.4.x/raw/kuma-cp.yaml b/app/assets/2.4.x/raw/kuma-cp.yaml
new file mode 100644
index 000000000..e48da89fb
--- /dev/null
+++ b/app/assets/2.4.x/raw/kuma-cp.yaml
@@ -0,0 +1,719 @@
+# Environment type. Available values are: "kubernetes" or "universal"
+environment: universal # ENV: KUMA_ENVIRONMENT
+# Mode in which Kuma CP is running. Available values are: "standalone", "global", "zone"
+mode: standalone # ENV: KUMA_MODE
+
+# Resource Store configuration
+store:
+ # Type of Store used in the Control Plane. Available values are: "kubernetes", "postgres" or "memory"
+ type: memory # ENV: KUMA_STORE_TYPE
+
+ # Kubernetes Store configuration (used when store.type=kubernetes)
+ kubernetes:
+ # Namespace where Control Plane is installed to.
+ systemNamespace: kuma-system # ENV: KUMA_STORE_KUBERNETES_SYSTEM_NAMESPACE
+
+ # Postgres Store configuration (used when store.type=postgres)
+ postgres:
+ # Host of the Postgres DB
+ host: 127.0.0.1 # ENV: KUMA_STORE_POSTGRES_HOST
+ # Port of the Postgres DB
+ port: 15432 # ENV: KUMA_STORE_POSTGRES_PORT
+ # User of the Postgres DB
+ user: kuma # ENV: KUMA_STORE_POSTGRES_USER
+ # Password of the Postgres DB
+ password: kuma # ENV: KUMA_STORE_POSTGRES_PASSWORD
+ # Database name of the Postgres DB
+ dbName: kuma # ENV: KUMA_STORE_POSTGRES_DB_NAME
+ # Driver to use, one of: pgx, postgres
+ driverName: pgx # ENV: KUMA_STORE_POSTGRES_DRIVER_NAME
+ # Connection Timeout to the DB in seconds
+ connectionTimeout: 5 # ENV: KUMA_STORE_POSTGRES_CONNECTION_TIMEOUT
+ # MaxConnectionLifetime (applied only when driverName=pgx) is the duration since creation after which a connection will be automatically closed
+ maxConnectionLifetime: "1h" # ENV: KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME
+ # MaxConnectionLifetimeJitter (applied only when driverName=pgx) is the duration after maxConnectionLifetime to randomly decide to close a connection.
+ # This helps prevent all connections from being closed at the exact same time, starving the pool.
+ maxConnectionLifetimeJitter: "1m" # ENV: KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME_JITTER
+ # HealthCheckInterval (applied only when driverName=pgx) is the duration between checks of the health of idle connections.
+ healthCheckInterval: "30s" # ENV: KUMA_STORE_POSTGRES_HEALTH_CHECK_INTERVAL
+ # MinOpenConnections (applied only when driverName=pgx) is the minimum number of open connections to the database
+ minOpenConnections: 0 # ENV: KUMA_STORE_POSTGRES_MIN_OPEN_CONNECTIONS
+ # MaxOpenConnections is the maximum number of open connections to the database
+ # `0` value means number of open connections is unlimited
+ maxOpenConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_OPEN_CONNECTIONS
+ # MaxIdleConnections (applied only when driverName=postgres) is the maximum number of connections in the idle connection pool
+ # <0 value means no idle connections and 0 means default max idle connections
+ maxIdleConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_IDLE_CONNECTIONS
+ # TLS settings
+ tls:
+ # Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull"
+ mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE
+ # Path to TLS Certificate of the client. Required when server has METHOD=cert
+ certPath: # ENV: KUMA_STORE_POSTGRES_TLS_CERT_PATH
+ # Path to TLS Key of the client. Required when server has METHOD=cert
+ keyPath: # ENV: KUMA_STORE_POSTGRES_TLS_KEY_PATH
+ # Path to the root certificate. Used in verifyCa and verifyFull modes.
+ caPath: # ENV: KUMA_STORE_POSTGRES_TLS_ROOT_CERT_PATH
+ # MinReconnectInterval (applied only when driverName=postgres) controls the duration to wait before trying to
+ # re-establish the database connection after connection loss. After each
+ # consecutive failure this interval is doubled, until MaxReconnectInterval
+ # is reached. Successfully completing the connection establishment procedure
+ # resets the interval back to MinReconnectInterval.
+ minReconnectInterval: "10s" # ENV: KUMA_STORE_POSTGRES_MIN_RECONNECT_INTERVAL
+ # MaxReconnectInterval (applied only when driverName=postgres) controls the maximum possible duration to wait before trying
+ # to re-establish the database connection after connection loss.
+ maxReconnectInterval: "60s" # ENV: KUMA_STORE_POSTGRES_MAX_RECONNECT_INTERVAL
+
+ # Cache for read only operations. This cache is local to the instance of the control plane.
+ cache:
+ # If true then cache is enabled
+ enabled: true # ENV: KUMA_STORE_CACHE_ENABLED
+ # Expiration time for elements in cache.
+ expirationTime: 1s # ENV: KUMA_STORE_CACHE_EXPIRATION_TIME
+
+ # Upsert (get and update) configuration
+ upsert:
+ # Base time for exponential backoff on upsert operations when retry is enabled
+ conflictRetryBaseBackoff: 100ms # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_BASE_BACKOFF
+ # Max retries on upsert (get and update) operation when retry is enabled
+ conflictRetryMaxTimes: 5 # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_MAX_TIMES
+
+ # If true, skips validation of resource delete.
+ # For example you don't have to delete all Dataplane objects before you delete a Mesh
+ unsafeDelete: false # ENV: KUMA_STORE_UNSAFE_DELETE
+
+# Configuration of Bootstrap Server, which provides bootstrap config to Dataplanes
+bootstrapServer:
+ # Parameters of bootstrap configuration
+ params:
+ # Address of Envoy Admin
+ adminAddress: 127.0.0.1 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ADDRESS
+ # Port of Envoy Admin
+ adminPort: 9901 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT
+ # Path to access log file of Envoy Admin
+ adminAccessLogPath: /dev/null # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ACCESS_LOG_PATH
+ # Host of XDS Server. By default it is the same host as the one used by kuma-dp to connect to the control plane
+ xdsHost: "" # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_HOST
+ # Port of XDS Server. By default it is autoconfigured from KUMA_DP_SERVER_PORT
+ xdsPort: 0 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_PORT
+ # Connection timeout to the XDS Server
+ xdsConnectTimeout: 1s # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_CONNECT_TIMEOUT
+
+# Monitoring Assignment Discovery Service (MADS) server configuration
+monitoringAssignmentServer:
+ # Port of a gRPC server that serves Monitoring Assignment Discovery Service (MADS).
+ port: 5676 # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_PORT
+ # Which MADS API versions to serve
+ apiVersions: ["v1"] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_API_VERSIONS
+ # Interval for re-generating monitoring assignments for clients connected to the Control Plane.
+ assignmentRefreshInterval: 1s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_ASSIGNMENT_REFRESH_INTERVAL
+ # The default timeout for a single fetch-based discovery request, if not specified
+ defaultFetchTimeout: 30s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_DEFAULT_FETCH_TIMEOUT
+ # Path to TLS certificate file
+ tlsCertFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CERT_FILE
+ # Path to TLS key file
+ tlsKeyFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CIPHER_SUITES
+
+# Envoy XDS server configuration
+xdsServer:
+ # Interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ dataplaneConfigurationRefreshInterval: 1s # ENV: KUMA_XDS_SERVER_DATAPLANE_CONFIGURATION_REFRESH_INTERVAL
+ # Interval for flushing status of Dataplanes connected to the Control Plane
+ dataplaneStatusFlushInterval: 10s # ENV: KUMA_XDS_SERVER_DATAPLANE_STATUS_FLUSH_INTERVAL
+ # Backoff that is executed when Control Plane is sending the response that was previously rejected by Dataplane
+ nackBackoff: 5s # ENV: KUMA_XDS_SERVER_NACK_BACKOFF
+ # A delay between proxy terminating a connection and the CP trying to deregister the proxy.
+ # It is used only in universal mode when you use direct lifecycle.
+ # Setting this setting to 0s disables the delay.
+ # Disabling this may cause race conditions that one instance of CP removes proxy object
+ # while proxy is connected to another instance of the CP.
+ dataplaneDeregistrationDelay: 10s # ENV: KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY
+
+# API Server configuration
+apiServer:
+ # HTTP configuration of the API Server
+ http:
+ # If true then API Server will be served on HTTP
+ enabled: true # ENV: KUMA_API_SERVER_HTTP_ENABLED
+ # Network interface on which HTTP API Server will be exposed
+ interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTP_INTERFACE
+ # Port of the API Server
+ port: 5681 # ENV: KUMA_API_SERVER_HTTP_PORT
+ # HTTPS configuration of the API Server
+ https:
+ # If true then API Server will be served on HTTPS
+ enabled: true # ENV: KUMA_API_SERVER_HTTPS_ENABLED
+ # Network interface on which HTTPS API Server will be exposed
+ interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTPS_INTERFACE
+ # Port of the HTTPS API Server
+ port: 5682 # ENV: KUMA_API_SERVER_HTTPS_PORT
+ # Path to TLS certificate file. Autoconfigured from KUMA_GENERAL_TLS_CERT_FILE if empty
+ tlsCertFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_CERT_FILE
+ # Path to TLS key file. Autoconfigured from KUMA_GENERAL_TLS_KEY_FILE if empty
+ tlsKeyFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_KEY_FILE
+ # Path to the CA certificate which is used to sign client certificates. It is used only for verifying client certificates.
+ tlsCaFile: "" # ENV: KUMA_API_SERVER_HTTPS_CLIENT_CERTS_CA_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_API_SERVER_HTTPS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_API_SERVER_HTTPS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_API_SERVER_HTTPS_TLS_CIPHER_SUITES
+ # If true, then HTTPS connection will require client cert.
+ requireClientCert: false # ENV: KUMA_API_SERVER_HTTPS_REQUIRE_CLIENT_CERT
+ # Authentication configuration for administrative endpoints like Dataplane Token or managing Secrets
+ auth:
+ # Directory of authorized client certificates (only validate in HTTPS)
+ clientCertsDir: "" # ENV: KUMA_API_SERVER_AUTH_CLIENT_CERTS_DIR
+ # Api Server Authentication configuration
+ authn:
+ # Type of authentication mechanism (available values: "adminClientCerts", "tokens")
+ type: tokens # ENV: KUMA_API_SERVER_AUTHN_TYPE
+ # Localhost is authenticated as a user admin of group admin
+ localhostIsAdmin: true # ENV: KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN
+ # Configuration for tokens authentication
+ tokens:
+ # If true then User Token with name admin and group admin will be created and placed as admin-user-token Kuma secret
+ bootstrapAdminToken: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_BOOTSTRAP_ADMIN_TOKEN
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_ENABLE_ISSUER
+ # Token validator configuration
+ validator:
+ # If true then Kuma secrets with prefix "user-token-signing-key" are considered as signing keys.
+ useSecrets: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_VALIDATOR_USE_SECRETS
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # keyFile: /keys/public.pem
+ publicKeys: []
+
+ # If true, then API Server will operate in read only mode (serving GET requests)
+ readOnly: false # ENV: KUMA_API_SERVER_READ_ONLY
+ # Allowed domains for Cross-Origin Resource Sharing. The value can be either domain or regexp
+ corsAllowedDomains:
+ - ".*" # ENV: KUMA_API_SERVER_CORS_ALLOWED_DOMAINS
+ # Can be used if you use a reverse proxy
+ rootUrl: "" # ENV: KUMA_API_SERVER_ROOT_URL
+ # The path to serve the API from
+ basePath: "/" # ENV: KUMA_API_SERVER_BASE_PATH
+ # configuration specific to the GUI
+ gui:
+ # Whether to serve the gui (if mode=zone this has no effect)
+ enabled: true # ENV: KUMA_API_SERVER_GUI_ENABLED
+ # Can be used if you use a reverse proxy or want to serve the gui from a different path
+ rootUrl: "" # ENV: KUMA_API_SERVER_GUI_ROOT_URL
+ # The path to serve the GUI from
+ basePath: "/gui" # ENV: KUMA_API_SERVER_GUI_BASE_PATH
+
+# Environment-specific configuration
+runtime:
+ # Kubernetes-specific configuration
+ kubernetes:
+ # Service name of the Kuma Control Plane. It is used to point Kuma DP to proper URL.
+ controlPlaneServiceName: kuma-control-plane # ENV: KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME
+ # Name of Service Account that is used to run the Control Plane
+ serviceAccountName: "system:serviceaccount:kuma-system:kuma-control-plane" # ENV: KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME
+ # Taint controller that prevents applications from scheduling until CNI is ready.
+ nodeTaintController:
+ # If true enables the taint controller.
+ enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED
+ # Value of app label on CNI pod that indicates if node can be ready.
+ cniApp: "" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP
+ # Value of CNI namespace.
+ cniNamespace: "kube-system" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_NAMESPACE
+ # Admission WebHook Server configuration
+ admissionServer:
+ # Address the Admission WebHook Server should be listening on
+ address: # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_ADDRESS
+ # Port the Admission WebHook Server should be listening on
+ port: 5443 # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_PORT
+ # Directory with a TLS cert and private key for the Admission WebHook Server.
+ # TLS certificate file must be named `tls.crt`.
+ # TLS key file must be named `tls.key`.
+ certDir: # ENV: kuma_runtime_kubernetes_admission_server_cert_dir
+ # Injector defines configuration of a Kuma Sidecar Injector.
+ injector:
+ # if true runs kuma-cp in CNI compatible mode
+ cniEnabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CNI_ENABLED
+ # list of exceptions for Kuma injection
+ exceptions:
+ # a map of labels for exception. If pod matches label with given value Kuma won't be injected. Specify '*' to match any value.
+ labels:
+ openshift.io/build.name: "*"
+ openshift.io/deployer-pod-for.name: "*"
+ # VirtualProbesEnabled enables automatic converting HttpGet probes to virtual. Virtual probe
+ # serves on sub-path of insecure port 'virtualProbesPort',
+ # i.e :8080/health/readiness -> :9000/8080/health/readiness where 9000 is virtualProbesPort
+ virtualProbesEnabled: true # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_ENABLED
+ # VirtualProbesPort is a port for exposing virtual probes which are not secured by mTLS
+ virtualProbesPort: 9000 # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_PORT
+ # CaCertFile is CA certificate which will be used to verify a connection to the control plane.
+ caCertFile: # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CA_CERT_FILE
+ # SidecarContainer defines configuration of the Kuma sidecar container.
+ sidecarContainer:
+ # Image name.
+ image: kuma/kuma-dp:latest # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_IMAGE
+ # Redirect port for inbound traffic.
+ redirectPortInbound: 15006 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND
+ # Redirect port for inbound traffic.
+ redirectPortInboundV6: 15010 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND_V6
+ # Redirect port for outbound traffic.
+ redirectPortOutbound: 15001 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_OUTBOUND
+ # User ID.
+ uid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_UID
+ # Group ID.
+ gid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_GUI
+ # Drain time for listeners.
+ drainTime: 30s # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_DRAIN_TIME
+ # Readiness probe.
+ readinessProbe:
+ # Number of seconds after the container has started before readiness probes are initiated.
+ initialDelaySeconds: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_INITIAL_DELAY_SECONDS
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 # ENV : KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_TIMEOUT_SECONDS
+ # Number of seconds after which the probe times out.
+ periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_PERIOD_SECONDS
+ # Minimum consecutive successes for the probe to be considered successful after having failed.
+ successThreshold: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_SUCCESS_THRESHOLD
+ # Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_FAILURE_THRESHOLD
+ # Liveness probe.
+ livenessProbe:
+ # Number of seconds after the container has started before liveness probes are initiated.
+ initialDelaySeconds: 60 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_INITIAL_DELAY_SECONDS
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_TIMEOUT_SECONDS
+ # How often (in seconds) to perform the probe.
+ periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_PERIOD_SECONDS
+ # Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_FAILURE_THRESHOLD
+ # Compute resource requirements.
+ resources:
+ # Minimum amount of compute resources required.
+ requests:
+ # CPU, in cores. (500m = .5 cores)
+ cpu: 50m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_CPU
+ # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
+ memory: 64Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_MEMORY
+ # Maximum amount of compute resources allowed.
+ limits:
+ # CPU, in cores. (500m = .5 cores)
+ cpu: 1000m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_CPU
+ # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
+ memory: 512Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_MEMORY
+ # Additional environment variables that can be placed on Kuma DP sidecar
+ envVars: {} # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ENV_VARS
+ # If true, it enables a postStart script that waits until Envoy is ready.
+ # With the current Kubernetes behavior, any other container in the Pod will wait until the script is complete.
+ waitForDataplaneReady: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_WAIT_FOR_DATAPLANE_READY
+ # InitContainer defines configuration of the Kuma init container
+ initContainer:
+ # Image name.
+ image: kuma/kuma-init:latest # ENV: KUMA_INJECTOR_INIT_CONTAINER_IMAGE
+ # ContainerPatches is an optional list of ContainerPatch names which will be applied
+ # to init and sidecar containers if workload is not annotated with a patch list.
+ containerPatches: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CONTAINER_PATCHES
+ # Configuration for a traffic that is intercepted by sidecar
+ sidecarTraffic:
+ # List of inbound ports that will be excluded from interception.
+ # This setting is applied on every pod unless traffic.kuma.io/exclude-inbound-ports annotation is specified on Pod.
+ excludeInboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_INBOUND_PORTS
+ # List of outbound ports that will be excluded from interception.
+ # This setting is applied on every pod unless traffic.kuma.io/exclude-oubound-ports annotation is specified on Pod.
+ excludeOutboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_OUTBOUND_PORTS
+ builtinDNS:
+ # Use the built-in DNS
+ enabled: true # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_ENABLED
+ # Redirect port for DNS
+ port: 15053 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_PORT
+ transparentProxyV1: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_TRANSPARENT_PROXY_V1
+ # EBPF defines configuration for the ebpf, when transparent proxy is marked to be
+ # installed using ebpf instead of iptables
+ ebpf:
+ # Install transparent proxy using ebpf
+ enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_ENABLED
+ # Name of the environmental variable which will include IP address of the pod
+ instanceIPEnvVarName: INSTANCE_IP # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_INSTANCE_IP_ENV_VAR_NAME
+ # Path where BPF file system will be mounted for pinning ebpf programs and maps
+ bpffsPath: /sys/fs/bpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_BPFFS_PATH
+ # Path of mounted cgroup2
+ cgroupPath: /sys/fs/cgroup # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_CGROUP_PATH
+ # Name of the network interface which should be used to attach to it TC programs
+ # when not specified, we will try to automatically determine it
+ tcAttachIface: "" # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_TC_ATTACH_IFACE
+ # Path where compiled eBPF programs are placed
+ programsSourcePath: /kuma/ebpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_PROGRAMS_SOURCE_PATH
+ marshalingCacheExpirationTime: 5m # ENV: KUMA_RUNTIME_KUBERNETES_MARSHALING_CACHE_EXPIRATION_TIME
+ # Kubernetes's resources reconciliation concurrency configuration
+ controllersConcurrency:
+ # PodController defines maximum concurrent reconciliations of Pod resources
+ # Default value 10. If set to 0 kube controller-runtime default value of 1 will be used.
+ podController: 10 # ENV: KUMA_RUNTIME_KUBERNETES_CONTROLLERS_CONCURRENCY_POD_CONTROLLER
+ # Kubernetes client configuration
+ clientConfig:
+ # Qps defines maximum requests kubernetes client is allowed to make per second.
+ # Default value 100. If set to 0 kube-client default value of 5 will be used.
+ qps: 100 # ENV: KUMA_RUNTIME_KUBERNETES_CLIENT_CONFIG_QPS
+ # BurstQps defines maximum burst requests kubernetes client is allowed to make per second
+ # Default value 100. If set to 0 kube-client default value of 10 will be used.
+ burstQps: 100 # ENV: KUMA_RUNTIME_KUBERNETES_CLIENT_CONFIG_BURST_QPS
+ leaderElection:
+ # LeaseDuration is the duration that non-leader candidates will
+ # wait to force acquire leadership. This is measured against time of
+ # last observed ack. Default is 15 seconds.
+ leaseDuration: 15s # ENV: KUMA_RUNTIME_KUBERNETES_LEADER_ELECTION_LEASE_DURATION
+ # RenewDeadline is the duration that the acting controlplane will retry
+ # refreshing leadership before giving up. Default is 10 seconds.
+ renewDeadline: 10s # ENV: KUMA_RUNTIME_KUBERNETES_LEADER_ELECTION_RENEW_DEADLINE
+ # Universal-specific configuration
+ universal:
+ # DataplaneCleanupAge defines how long Dataplane should be offline to be cleaned up by GC
+ dataplaneCleanupAge: 72h0m0s # ENV: KUMA_RUNTIME_UNIVERSAL_DATAPLANE_CLEANUP_AGE
+
+# Default Kuma entities configuration
+defaults:
+ # If true, it skips creating the default Mesh
+ skipMeshCreation: false # ENV: KUMA_DEFAULTS_SKIP_MESH_CREATION
+ # If true, it skips creating the default tenant resources
+ skipTenantResources: false # ENV: KUMA_DEFAULTS_SKIP_TENANT_RESOURCES
+
+# Metrics configuration
+metrics:
+ dataplane:
+ # How many latest subscriptions will be stored in DataplaneInsight object, if equals 0 then unlimited
+ subscriptionLimit: 2 # ENV: KUMA_METRICS_DATAPLANE_SUBSCRIPTION_LIMIT
+ # How long data plane proxy can stay Online without active xDS connection
+ idleTimeout: 5m # ENV: KUMA_METRICS_DATAPLANE_IDLE_TIMEOUT
+ zone:
+ # How many latest subscriptions will be stored in ZoneInsights object, if equals 0 then unlimited
+ subscriptionLimit: 10 # ENV: KUMA_METRICS_ZONE_SUBSCRIPTION_LIMIT
+ # How long zone can stay Online without active KDS connection
+ idleTimeout: 5m # ENV: KUMA_METRICS_ZONE_IDLE_TIMEOUT
+ mesh:
+ # Minimum time between 2 refresh of insights
+ minResyncInterval: 1s # ENV: KUMA_METRICS_MESH_MIN_RESYNC_INTERVAL
+ # time between triggering a full refresh of all the insights
+ fullResyncInterval: 20s # ENV: KUMA_METRICS_MESH_FULL_RESYNC_INTERVAL
+ # the size of the buffer between event creation and processing
+ bufferSize: 1000 # ENV: KUMA_METRICS_MESH_BUFFER_SIZE
+ controlPlane:
+ # If true metrics show number of resources in the system should be reported
+ reportResourcesCount: true # ENV: KUMA_METRICS_CONTROL_PLANE_REPORT_RESOURCES_COUNT
+
+# Reports configuration
+reports:
+ # If true then usage stats will be reported
+ enabled: false # ENV: KUMA_REPORTS_ENABLED
+
+# General configuration
+general:
+ # dnsCacheTTL represents duration for how long Kuma CP will cache result of resolving dataplane's domain name
+ dnsCacheTTL: 10s # ENV: KUMA_GENERAL_DNS_CACHE_TTL
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert that will be used across all the Kuma Servers.
+ tlsCertFile: # ENV: KUMA_GENERAL_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key that will be used across all the Kuma Servers.
+ tlsKeyFile: # ENV: KUMA_GENERAL_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_GENERAL_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_GENERAL_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_GENERAL_TLS_CIPHER_SUITES
+ # WorkDir defines a path to the working directory
+ # Kuma stores in this directory autogenerated entities like certificates.
+ # If empty then the working directory is $HOME/.kuma
+ workDir: "" # ENV: KUMA_GENERAL_WORK_DIR
+
+# DNS Server configuration
+dnsServer:
+ # The domain that the server will resolve the services for
+ domain: "mesh" # ENV: KUMA_DNS_SERVER_DOMAIN
+ # The CIDR range used to allocate
+ CIDR: "240.0.0.0/4" # ENV: KUMA_DNS_SERVER_CIDR
+ # Will create a service ".mesh" dns entry for every service.
+ serviceVipEnabled: true # ENV: KUMA_DNS_SERVER_SERVICE_VIP_ENABLED
+ # The port to use along with the `.mesh` dns entry
+ serviceVipPort: 80 # ENV: KUMA_DNS_SERVICE_SERVICE_VIP_PORT
+
+# Multizone mode
+multizone:
+ global:
+ kds:
+ # Port of a gRPC server that serves Kuma Discovery Service (KDS).
+ grpcPort: 5685 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_GRPC_PORT
+ # Interval for refreshing state of the world
+ refreshInterval: 1s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_REFRESH_INTERVAL
+ # Interval for flushing Zone Insights (stats of multi-zone communication)
+ zoneInsightFlushInterval: 10s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_ZONE_INSIGHT_FLUSH_INTERVAL
+ # TlsEnabled turns on TLS for KDS
+ tlsEnabled: true # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_ENABLED
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert.
+ tlsCertFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key.
+ tlsKeyFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CIPHER_SUITES
+ # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS.
+ # In practice this means a limit on full list of one resource type.
+ maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MAX_MSG_SIZE
+ # MsgSendTimeout defines a timeout on sending a single KDS message.
+ # KDS stream between control planes is terminated if the control plane hits this timeout.
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MSG_SEND_TIMEOUT
+ # Backoff that is executed when the global control plane is sending the response that was previously rejected by zone control plane
+ nackBackoff: 5s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_NACK_BACKOFF
+ zone:
+ # Kuma Zone name used to mark the zone dataplane resources
+ name: "" # ENV: KUMA_MULTIZONE_ZONE_NAME
+ # GlobalAddress URL of Global Kuma CP
+ globalAddress: # ENV KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS
+ kds:
+ # Interval for refreshing state of the world
+ refreshInterval: 1s # ENV: KUMA_MULTIZONE_ZONE_KDS_REFRESH_INTERVAL
+ # RootCAFile defines a path to a file with PEM-encoded Root CA. Client will verify server by using it.
+ rootCaFile: # ENV: KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE
+ # If true, TLS connection to the server won't be verified.
+ tlsSkipVerify: false # ENV: KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY
+ # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS.
+ # In practice this means a limit on full list of one resource type.
+ maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_ZONE_KDS_MAX_MSG_SIZE
+ # MsgSendTimeout defines a timeout on sending a single KDS message.
+ # KDS stream between control planes is terminated if the control plane hits this timeout.
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_ZONE_KDS_MSG_SEND_TIMEOUT
+ # Backoff that is executed when the zone control plane is sending the response that was previously rejected by global control plane
+ nackBackoff: 5s # ENV: KUMA_MULTIZONE_ZONE_KDS_NACK_BACKOFF
+
+# Diagnostics configuration
+diagnostics:
+ # Port of Diagnostic Server for checking health and readiness of the Control Plane
+ serverPort: 5680 # ENV: KUMA_DIAGNOSTICS_SERVER_PORT
+ # If true, enables https://golang.org/pkg/net/http/pprof/ debug endpoints
+ debugEndpoints: false # ENV: KUMA_DIAGNOSTICS_DEBUG_ENDPOINTS
+ # Whether tls is enabled or not
+ tlsEnabled: false # ENV: KUMA_DIAGNOSTICS_TLS_ENABLED
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile
+ tlsCertFile: # ENV: KUMA_DIAGNOSTICS_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DIAGNOSTICS_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DIAGNOSTICS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DIAGNOSTICS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DIAGNOSTICS_TLS_CIPHER_SUITES
+
+# Dataplane Server configuration that servers API like Bootstrap/XDS for the Dataplane.
+dpServer:
+ # Port of the DP Server
+ port: 5678 # ENV: KUMA_DP_SERVER_PORT
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile
+ tlsCertFile: # ENV: KUMA_DP_SERVER_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DP_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DP_SERVER_TLS_CIPHER_SUITES
+ # ReadHeaderTimeout defines the amount of time DP server will be allowed
+ # to read request headers. The connection's read deadline is reset
+ # after reading the headers and the Handler can decide what is considered
+ # too slow for the body. If ReadHeaderTimeout is zero there is no timeout.
+ # The timeout is configurable as in rare cases, when Kuma CP was restarting,
+ # 1s which is explicitly set in other servers was insufficient and DPs
+ # were failing to reconnect (we observed this in Projected Service Account
+ # Tokens e2e tests, which started flaking a lot after introducing explicit
+ # 1s timeout)
+ readHeaderTimeout: 5s # ENV: KUMA_DP_SERVER_READ_HEADER_TIMEOUT
+ # Auth defines an authentication configuration for the DP Server
+ # DEPRECATED: use "authn" section.
+ auth:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: "" # ENV: KUMA_DP_SERVER_AUTH_TYPE
+ # Authn defines an authentication configuration for the DP Server
+ authn:
+ # Configuration for data plane proxy authentication.
+ dpProxy:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: ""
+ # Configuration of dpToken authentication method
+ dpToken:
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true
+ # DP Token validator configuration.
+ validator:
+ # If true then Kuma secrets with prefix "dataplane-token-signing-key-{mesh}" are considered as signing keys.
+ useSecrets: true
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # mesh: default
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # mesh: demo
+ # keyFile: /keys/public.pem
+ publicKeys: []
+ # Configuration for zone proxy authentication.
+ zoneProxy:
+ # Type of authentication. Available values: "serviceAccountToken", "zoneToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "zoneToken" on Universal.
+ type: ""
+ # Configuration for zoneToken authentication method.
+ zoneToken:
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true
+ # Zone Token validator configuration.
+ validator:
+ # If true then Kuma secrets with prefix "zone-token-signing-key" are considered as signing keys.
+ useSecrets: true
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # keyFile: /keys/public.pem
+ publicKeys: []
+ # If true then Envoy uses Google gRPC instead of Envoy gRPC which lets a proxy reload the auth data (service account token, dp token etc.) stored in the file without proxy restart.
+ enableReloadableTokens: false # ENV: KUMA_DP_SERVER_AUTHN_ENABLE_RELOADABLE_TOKENS
+ # Hds defines a Health Discovery Service configuration
+ hds:
+ # Enabled if true then Envoy will actively check application's ports, but only on Universal.
+ # On Kubernetes this feature disabled for now regardless the flag value
+ enabled: true # ENV: KUMA_DP_SERVER_HDS_ENABLED
+ # Interval for Envoy to send statuses for HealthChecks
+ interval: 5s # ENV: KUMA_DP_SERVER_HDS_INTERVAL
+ # RefreshInterval is an interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ refreshInterval: 10s # ENV: KUMA_DP_SERVER_HDS_REFRESH_INTERVAL
+ # Check defines a HealthCheck configuration
+ checkDefaults:
+ # Timeout is a time to wait for a health check response. If the timeout is reached the
+ # health check attempt will be considered a failure
+ timeout: 2s # ENV: KUMA_DP_SERVER_HDS_CHECK_TIMEOUT
+ # Interval between health checks
+ interval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_INTERVAL
+ # NoTrafficInterval is a special health check interval that is used when a cluster has
+ # never had traffic routed to it
+ noTrafficInterval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_NO_TRAFFIC_INTERVAL
+ # HealthyThreshold is a number of healthy health checks required before a host is marked healthy
+ healthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_HEALTHY_THRESHOLD
+ # UnhealthyThreshold is a number of unhealthy health checks required before a host is marked unhealthy
+ unhealthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_UNHEALTHY_THRESHOLD
+
+# Intercommunication CP configuration
+interCp:
+ # Catalog configuration. Catalog keeps a record of all live CP instances in the zone.
+ catalog:
+ # Indicates an address on which other control planes can communicate with this CP.
+ # If empty then it's autoconfigured by taking the first IP of the nonloopback network interface.
+ instanceAddress: "" # ENV: KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS
+ # Interval on which CP will send heartbeat to a leader.
+ heartbeatInterval: 5s # ENV: KUMA_INTER_CP_CATALOG_HEARTBEAT_INTERVAL
+ # Interval on which CP will write all instances to a catalog.
+ writerInterval: 15s # ENV: KUMA_INTER_CP_CATALOG_WRITER_INTERVAL
+ # Intercommunication CP server configuration
+ server:
+ # Port of the inter-cp server
+ port: 5683 # ENV: KUMA_INTER_CP_SERVER_PORT
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_INTER_CP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_INTER_CP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [ ] # ENV: KUMA_INTER_CP_SERVER_TLS_CIPHER_SUITES
+
+# Access Control configuration
+access:
+ # Type of access strategy (available values: "static")
+ type: static
+ # Configuration of static access strategy
+ static:
+ # AdminResources defines an access to admin resources (Secret/GlobalSecret)
+ adminResources:
+ # List of users that are allowed to access admin resources
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_USERS
+ # List of groups that are allowed to access admin resources
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_GROUPS
+ # GenerateDPToken defines an access to generating dataplane token
+ generateDpToken:
+ # List of users that are allowed to generate dataplane token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_USERS
+ # List of groups that are allowed to generate dataplane token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_GROUPS
+ # GenerateUserToken defines an access to generating user token
+ generateUserToken:
+ # List of users that are allowed to generate user token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_USERS
+ # List of groups that are allowed to generate user token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_GROUPS
+ # GenerateZoneToken defines an access to generating zone token
+ generateZoneToken:
+ # List of users that are allowed to generate zone token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_USERS
+ # List of groups that are allowed to generate zone token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_GROUPS
+ viewConfigDump:
+ # List of users that are allowed to get envoy config dump
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_USERS
+ # List of groups that are allowed to get envoy config dump
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_GROUPS
+ viewStats:
+ # List of users that are allowed to get envoy stats
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_USERS
+ # List of groups that are allowed to get envoy stats
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_GROUPS
+ viewClusters:
+ # List of users that are allowed to get envoy clusters
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS
+ # List of groups that are allowed to get envoy clusters
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS
+
+# Configuration of experimental features of Kuma
+experimental:
+ # If true, experimental Gateway API is enabled
+ gatewayAPI: false # ENV: KUMA_EXPERIMENTAL_GATEWAY_API
+ # If true, instead of embedding kubernetes outbounds into Dataplane object, they are persisted next to VIPs in ConfigMap
+ # This can improve performance, but it should be enabled only after all instances are migrated to version that supports this config
+ kubeOutboundsAsVIPs: true # ENV: KUMA_EXPERIMENTAL_KUBE_OUTBOUNDS_AS_VIPS
+ # Tag first virtual outbound model is compressed version of default Virtual Outbound model
+ # It is recommended to use tag first model for deployments with more than 2k services
+ # You can enable this flag on existing deployment. In order to downgrade cp with this flag enabled
+ # you need to first disable this flag and redeploy cp, after config is rewritten to default
+ # format you can downgrade your cp
+ useTagFirstVirtualOutboundModel: false # ENV: KUMA_EXPERIMENTAL_USE_TAG_FIRST_VIRTUAL_OUTBOUND_MODEL
+ # If true, KDS will sync using incremental xDS updates
+ kdsDeltaEnabled: false # ENV: KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED
+ # List of prefixes that will be used to filter out tags by keys from ingress' available services section.
+ # This can trim the size of the ZoneIngress object significantly.
+ # The drawback is that you cannot use filtered out tags for traffic routing.
+ # If empty, no filter is applied.
+ ingressTagFilters: [] # ENV: KUMA_EXPERIMENTAL_INGRESS_TAG_FILTERS
+
+proxy:
+ gateway:
+ # Sets the envoy runtime value to limit maximum number of incoming
+ # connections to a builtin gateway data plane proxy
+ globalDownstreamMaxConnections: 50000 # ENV: KUMA_PROXY_GATEWAY_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS
+
+tracing:
+ openTelemetry:
+ endpoint: "" # e.g. otel-collector:4317
diff --git a/app/assets/2.4.x/raw/protos/CertificateAuthorityBackend.json b/app/assets/2.4.x/raw/protos/CertificateAuthorityBackend.json
new file mode 100644
index 000000000..275569b17
--- /dev/null
+++ b/app/assets/2.4.x/raw/protos/CertificateAuthorityBackend.json
@@ -0,0 +1,98 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CertificateAuthorityBackend", + "definitions": { + "CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time 
after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/CircuitBreaker.json b/app/assets/2.4.x/raw/protos/CircuitBreaker.json new file mode 100644 index 000000000..f5d016d2a --- /dev/null +++ b/app/assets/2.4.x/raw/protos/CircuitBreaker.json 
@@ -0,0 +1,198 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CircuitBreaker", + "definitions": { + "CircuitBreaker": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Circuit Breaker", + "description": "CircuitBreaker defines circuit breaking policy for dataplane's outbound" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Time interval between ejection analysis sweeps", + "format": "regex" + }, + "baseEjectionTime": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The base time that a host is ejected for. 
The real time is equal to the base time multiplied by the number of times the host has been ejected", + "format": "regex" + }, + "maxEjectionPercent": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum percent of an upstream cluster that can be ejected due to outlier detection, has to be in [0 - 100] range" + }, + "splitExternalAndLocalErrors": { + "type": "boolean", + "description": "Enables Split Mode in which local and external errors are distinguished" + }, + "detectors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors", + "additionalProperties": true + }, + "thresholds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors": { + "properties": { + "totalErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Errors with status code 5xx and locally originated errors, in Split Mode - just errors with status code 5xx" + }, + "gatewayErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Subset of 'total' related to gateway errors (502, 503 or 504 status code)" + }, + "localErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Takes into account only in Split Mode, number of locally originated errors" + }, + "standardDeviation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation", + "additionalProperties": true + }, + "failure": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + 
"title": "Detectors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors": { + "properties": { + "consecutive": { + "additionalProperties": true, + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Errors", + "description": "Detector based on counting consecutive number of errors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Eject host if failure percentage of a given host is greater than or equal to this value, has to be in [0 - 100] range" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Failure", + "description": "Detection based on success rate, but threshold is set explicitly (unlike 'standardDeviation')" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "factor": { + "additionalProperties": true, + "type": "number", + "description": "Resulting threshold = mean - (stdev * factor)" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Standard Deviation", + "description": "Detection based on success rate, aggregated from every host in the cluser" + }, + 
"kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds": { + "properties": { + "maxConnections": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of connections that Envoy will make to the upstream cluster. If not specified, the default is 1024." + }, + "maxPendingRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of pending requests that Envoy will allow to the upstream cluster. If not specified, the default is 1024." + }, + "maxRetries": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel retries that Envoy will allow to the upstream cluster. If not specified, the default is 3." + }, + "maxRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel requests that Envoy will make to the upstream cluster. If not specified, the default is 1024." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Thresholds" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ClustersRequest.json b/app/assets/2.4.x/raw/protos/ClustersRequest.json new file mode 100644 index 000000000..7c9612d2c --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ClustersRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersRequest", + "definitions": { + "ClustersRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp clusters request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp clusters request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Request", + "description": "ClustersRequest is a request for kuma-dp clusters that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ClustersResponse.json b/app/assets/2.4.x/raw/protos/ClustersResponse.json new file mode 100644 index 000000000..2c6802f17 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ClustersResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersResponse", + "definitions": { + "ClustersResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp clusters request." + }, + "clusters": { + "type": "string", + "description": "The clusters content that is a successful result of kuma-dp clusters execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Response", + "description": "ClustersResponse is a response containing result of kuma-dp clusters execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/DatadogTracingBackendConfig.json b/app/assets/2.4.x/raw/protos/DatadogTracingBackendConfig.json new file mode 100644 index 000000000..e6f53ec54 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/DatadogTracingBackendConfig.json 
@@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DatadogTracingBackendConfig", + "definitions": { + "DatadogTracingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address of datadog collector." + }, + "port": { + "type": "integer", + "description": "Port of datadog collector" + }, + "splitService": { + "type": "boolean", + "description": "Determines if datadog service name should be split based on traffic direction and destination. For example, with `splitService: true` and a `backend` service that communicates with a couple of databases, you would get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` in Datadog. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Datadog Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Dataplane.json b/app/assets/2.4.x/raw/protos/Dataplane.json new file mode 100644 index 000000000..a6888446a --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Dataplane.json 
@@ -0,0 +1,325 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Dataplane", + "definitions": { + "Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. 
`advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. 
The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." + }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." 
+ }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. 
Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." + }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." 
+ }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/DataplaneInsight.json b/app/assets/2.4.x/raw/protos/DataplaneInsight.json new file mode 100644 index 000000000..1188b51e1 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/DataplaneInsight.json 
@@ -0,0 +1,232 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneInsight", + "definitions": { + "DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." + }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." 
+ }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. 
rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.4.x/raw/protos/DataplaneOverview.json b/app/assets/2.4.x/raw/protos/DataplaneOverview.json
new file mode 100644
index 000000000..04e4385b8
--- /dev/null
+++ b/app/assets/2.4.x/raw/protos/DataplaneOverview.json
@@ -0,0 +1,567 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneOverview", + "definitions": { + "DataplaneOverview": { + "properties": { + "dataplane": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane", + "additionalProperties": true + }, + "dataplane_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Overview", + "description": "DataplaneOverview defines the projected state of a Dataplane." + }, + "kuma.mesh.v1alpha1.Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. `advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. 
It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." 
+ }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." 
+ }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." + }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." + }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." 
+ }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { 
+ "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/DiscoveryServiceStats.json b/app/assets/2.4.x/raw/protos/DiscoveryServiceStats.json new file mode 100644 index 000000000..eadb3791c --- /dev/null +++ b/app/assets/2.4.x/raw/protos/DiscoveryServiceStats.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoveryServiceStats", + "definitions": { + "DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.4.x/raw/protos/DiscoverySubscription.json b/app/assets/2.4.x/raw/protos/DiscoverySubscription.json new file mode 100644 index 000000000..06db6c019 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/DiscoverySubscription.json 
@@ -0,0 +1,179 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscription", + "definitions": { + "DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." 
+ }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.4.x/raw/protos/DiscoverySubscriptionStatus.json b/app/assets/2.4.x/raw/protos/DiscoverySubscriptionStatus.json new file mode 100644 index 000000000..2ac471c4a --- /dev/null +++ b/app/assets/2.4.x/raw/protos/DiscoverySubscriptionStatus.json 
@@ -0,0 +1,64 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscriptionStatus", + "definitions": { + "DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/EnvoyAdmin.json b/app/assets/2.4.x/raw/protos/EnvoyAdmin.json new file mode 100644 index 000000000..e26fdf4be --- /dev/null +++ b/app/assets/2.4.x/raw/protos/EnvoyAdmin.json @@ -0,0 +1,17 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyAdmin", + "definitions": { + "EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/EnvoyVersion.json b/app/assets/2.4.x/raw/protos/EnvoyVersion.json new file mode 100644 index 000000000..c14f40762 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/EnvoyVersion.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyVersion", + "definitions": { + "EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ExternalService.json b/app/assets/2.4.x/raw/protos/ExternalService.json new file mode 100644 index 000000000..293d87f88 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ExternalService.json 
@@ -0,0 +1,107 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ExternalService", + "definitions": { + "ExternalService": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking", + "additionalProperties": true + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with the external service, e.g. kuma.io/service=web, kuma.io/protocol, version=1.0." + } + }, + "additionalProperties": true, + "type": "object", + "title": "External Service", + "description": "ExternalService defines configuration of the externally accessible service" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address of the external service" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking.TLS", + "additionalProperties": true + }, + "disableHostDNSEntry": { + "type": "boolean", + "description": "If disableHostDNSEntry is set to true then a DNS entry for the external service taken from 'networking.address' won't be generated. You can still reach this external service using external-service-name.mesh:80 where \"external-service-name\" is taken from \"kuma.io/service\" tag." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes the properties of the external service connectivity" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking.TLS": { + "properties": { + "enabled": { + "type": "boolean", + "description": "denotes that the external service uses TLS" + }, + "ca_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the certificate of CA" + }, + "client_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "client_key": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "allowRenegotiation": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then TLS session will allow renegotiation. It's not recommended to set this to true because of security reasons. However, some servers requires this setting, especially when using mTLS." + }, + "server_name": { + "additionalProperties": true, + "type": "string", + "description": "ServerName overrides the default Server Name Indicator set by Kuma. The default value is set to \"address\" specified in \"networking\"." + } + }, + "additionalProperties": true, + "type": "object", + "title": "TLS", + "description": "TLS" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." + }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." 
+ }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/FaultInjection.json b/app/assets/2.4.x/raw/protos/FaultInjection.json new file mode 100644 index 000000000..702233c5a --- /dev/null +++ b/app/assets/2.4.x/raw/protos/FaultInjection.json 
@@ -0,0 +1,126 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FaultInjection", + "definitions": { + "FaultInjection": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf", + "additionalProperties": true, + "description": "Configuration of FaultInjection" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Fault Injection", + "description": "FaultInjection defines the configuration of faults between dataplanes." + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf": { + "properties": { + "delay": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Delay", + "additionalProperties": true, + "description": "Delay if specified then response from the destination will be delivered with a delay" + }, + "abort": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Abort", + "additionalProperties": true, + "description": "Abort if specified makes source side to receive specified httpStatus code" + }, + "response_bandwidth": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth", + "additionalProperties": true, + "description": "ResponseBandwidth if specified limits the speed of sending response body" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines several types of faults, at least one fault should be specified" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Abort": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + 
"description": "Percentage of requests on which abort will be injected, has to be in [0.0 - 100.0] range" + }, + "httpStatus": { + "additionalProperties": true, + "type": "integer", + "description": "HTTP status code which will be returned to source side" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Abort", + "description": "Abort defines a configuration of not delivering requests to destination service and replacing the responses from destination dataplane by predefined status code" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Delay": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which delay will be injected, has to be in [0.0 - 100.0] range" + }, + "value": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The duration during which the response will be delayed", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Delay", + "description": "Delay defines configuration of delaying a response from a destination" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which response bandwidth limit will be injected, has to be in [0.0 - 100.0] range" + }, + "limit": { + "additionalProperties": true, + "type": "string", + "description": "Limit is represented by value measure in gbps, mbps, kbps or bps, e.g. 
10kbps" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Response Bandwidth", + "description": "ResponseBandwidth defines a configuration to limit the speed of responding to the requests" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/FileLoggingBackendConfig.json b/app/assets/2.4.x/raw/protos/FileLoggingBackendConfig.json new file mode 100644 index 000000000..7302651b2 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/FileLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FileLoggingBackendConfig", + "definitions": { + "FileLoggingBackendConfig": { + "properties": { + "path": { + "type": "string", + "description": "Path to a file that logs will be written to" + } + }, + "additionalProperties": true, + "type": "object", + "title": "File Logging Backend Config", + "description": "FileLoggingBackendConfig defines configuration for file based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/HealthCheck.json b/app/assets/2.4.x/raw/protos/HealthCheck.json new file mode 100644 index 000000000..495846305 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/HealthCheck.json 
@@ -0,0 +1,212 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/HealthCheck", + "definitions": { + "HealthCheck": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that should be configured to do health checks." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf", + "additionalProperties": true, + "description": "Configuration for various types of health checking." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health Check", + "description": "HealthCheck defines configuration for health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "initial_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, Envoy will start health checking after for a random time in ms between 0 and initial_jitter. 
This only applies to the first health check.", + "format": "regex" + }, + "interval_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, during every interval Envoy will add interval_jitter to the wait time.", + "format": "regex" + }, + "interval_jitter_percent": { + "type": "integer", + "description": "If specified, during every interval Envoy will add interval_ms * interval_jitter_percent / 100 to the wait time. If interval_jitter_ms and interval_jitter_percent are both set, both of them will be used to increase the wait time." + }, + "healthy_panic_threshold": { + "additionalProperties": true, + "type": "number", + "description": "Allows to configure panic threshold for Envoy cluster. If not specified, the default is 50%. To disable panic mode, set to 0%." + }, + "fail_traffic_on_panic": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, Envoy will not consider any hosts when the cluster is in 'panic mode'. Instead, the cluster will fail all requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a failing service." + }, + "event_log_path": { + "type": "string", + "description": "Specifies the path to the file where Envoy can log health check events. If empty, no event log will be written." + }, + "always_log_health_check_failures": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, health check failure events will always be logged. If set to false, only the initial health check failure event will be logged. The default value is false." + }, + "no_traffic_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The \"no traffic interval\" is a special health check interval that is used when a cluster has never had traffic routed to it. 
This lower interval allows cluster information to be kept up to date, without sending a potentially large amount of active health checking traffic for no reason. Once a cluster has been used for traffic routing, Envoy will shift back to using the standard health check interval that is defined. Note that this interval takes precedence over any other. The default value for \"no traffic interval\" is 60 seconds.", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http", + "additionalProperties": true + }, + "reuse_connection": { + "additionalProperties": true, + "type": "boolean", + "description": "Reuse health check connection between health checks. Default is true." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines configuration for various types of health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http": { + "properties": { + "path": { + "type": "string", + "description": "The HTTP path which will be requested during the health check (ie. /health) +required" + }, + "request_headers_to_add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption" + }, + "type": "array", + "description": "The list of HTTP headers which should be added to each health check request +optional" + }, + "expected_statuses": { + "items": { + "type": "integer", + "title": "U Int 32 Value", + "description": "Wrapper message for `uint32`. The JSON representation for `UInt32Value` is JSON number." 
+ }, + "type": "array", + "description": "List of HTTP response statuses which are considered healthy +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines optional Http configuration which will instruct the service the health check will be made for is an http service. It's mutually exclusive with the Tcp block so when provided you can't provide the Tcp configuration" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +required" + }, + "value": { + "type": "string", + "description": "Header value +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption": { + "properties": { + "header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue", + "additionalProperties": true, + "description": "Key/Value representation of the HTTP header +required" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "The bool value which if true (default) will mean the header values should be appended to already present ones +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value Option" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp": { + "properties": { + "send": { + "additionalProperties": true, + "type": "string", + "description": "Bytes which will be send during the health check to the target" + }, + "receive": { + "items": { + "type": "string", + "title": "Bytes Value", + "description": "Wrapper message for `bytes`. The JSON representation for `BytesValue` is JSON string." + }, + "type": "array", + "description": "Bytes blocks expected as a response. When checking the response, “fuzzy” matching is performed such that each block must be found, and in the order specified, but not necessarily contiguous." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines optional configuration for specifying bytes to send and expected response during the health check" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/HttpMethod.json b/app/assets/2.4.x/raw/protos/HttpMethod.json new file mode 100644 index 000000000..71495c878 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/HttpMethod.json @@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/KumaDpVersion.json b/app/assets/2.4.x/raw/protos/KumaDpVersion.json new file mode 100644 index 000000000..2d087b8c8 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/KumaDpVersion.json 
@@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaDpVersion", + "definitions": { + "KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/KumaResource.json b/app/assets/2.4.x/raw/protos/KumaResource.json new file mode 100644 index 000000000..a4781295d --- /dev/null +++ b/app/assets/2.4.x/raw/protos/KumaResource.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaResource", + "definitions": { + "KumaResource": { + "properties": { + "meta": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaResource.Meta", + "additionalProperties": true + }, + "spec": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." 
+ }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Resource" + }, + "kuma.mesh.v1alpha1.KumaResource.Meta": { + "properties": { + "name": { + "type": "string" + }, + "mesh": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Meta" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Logging.json b/app/assets/2.4.x/raw/protos/Logging.json new file mode 100644 index 000000000..e86a46b02 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Logging.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Logging", + "definitions": { + "Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/LoggingBackend.json b/app/assets/2.4.x/raw/protos/LoggingBackend.json new file mode 100644 index 000000000..d1770d208 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/LoggingBackend.json 
@@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/LoggingBackend", + "definitions": { + "LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Mesh.json b/app/assets/2.4.x/raw/protos/Mesh.json new file mode 100644 index 000000000..1c52da2e2 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Mesh.json 
@@ -0,0 +1,386 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Mesh", + "definitions": { + "Mesh": { + "properties": { + "mtls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Mtls", + "additionalProperties": true, + "description": "mTLS settings. +optional" + }, + "tracing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Tracing", + "additionalProperties": true, + "description": "Tracing settings. +optional" + }, + "logging": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Logging", + "additionalProperties": true, + "description": "Logging settings. +optional" + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Metrics", + "additionalProperties": true, + "description": "Configuration for metrics collected and exposed by dataplanes. Settings defined here become defaults for every dataplane in a given Mesh. Additionally, it is also possible to further customize this configuration for each dataplane individually using Dataplane resource. +optional" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking", + "additionalProperties": true, + "description": "Networking settings of the mesh" + }, + "routing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Routing", + "additionalProperties": true, + "description": "Routing settings of the mesh" + }, + "constraints": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Constraints", + "additionalProperties": true, + "description": "Constraints that applies to the mesh and its entities" + }, + "skipCreatingInitialPolicies": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of policies to skip creating by default when the mesh is created. e.g. TrafficPermission, MeshRetry, etc. An '*' can be used to skip all policies." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh", + "description": "Mesh defines configuration of a single mesh." 
+ }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + 
"title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + }, + "kuma.mesh.v1alpha1.Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." 
+ }, + "kuma.mesh.v1alpha1.Mesh.Constraints": { + "properties": { + "dataplaneProxy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints", + "additionalProperties": true, + "description": "DataplaneProxyMembership defines a set of requirements for data plane proxies to be a member of the mesh." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Constraints", + "description": "Constraints to apply to the mesh and its entities" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints": { + "properties": { + "requirements": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Requirements defines a set of requirements that data plane proxies must fulfill in order to join the mesh. A data plane proxy must fulfill at least one requirement in order to join the mesh. Empty list of allowed requirements means that any proxy that is not explicitly denied can join." + }, + "restrictions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Restrictions defines a set of restrictions that data plane proxies cannot fulfill in order to join the mesh. A data plane proxy cannot fulfill any requirement in order to join the mesh. Restrictions takes precedence over requirements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Proxy Constraints" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags defines set of required tags. You can specify '*' in value to require non empty value of tag" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rules", + "description": "Rules defines a set of rules for data plane proxies to be member of the mesh." 
+ }, + "kuma.mesh.v1alpha1.Mesh.Mtls": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend" + }, + "type": "array", + "description": "List of available Certificate Authority backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mtls", + "description": "mTLS settings of a Mesh." + }, + "kuma.mesh.v1alpha1.Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + 
"passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + }, + "kuma.mesh.v1alpha1.Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + }, + "kuma.mesh.v1alpha1.Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). 
Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/MeshGateway.json b/app/assets/2.4.x/raw/protos/MeshGateway.json new file mode 100644 index 000000000..79692f693 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/MeshGateway.json 
@@ -0,0 +1,202 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGateway", + "definitions": { + "MeshGateway": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is a list of selectors that are used to match builtin gateway dataplanes that will receive this MeshGateway configuration." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags is the set of tags common to all of the gateway's listeners. This field must not include a `kuma.io/service` tag (the service is always defined on the dataplanes)." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Conf", + "additionalProperties": true, + "description": "The desired configuration of the MeshGateway." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway", + "description": "MeshGateway is a virtual proxy. Each MeshGateway is bound to a set of builtin gateway dataplanes. Each builtin dataplane instance can host exactly one Gateway proxy configuration. Gateway aligns with the Kubernetes Gateway API. See that spec for detailed documentation." + }, + "kuma.mesh.v1alpha1.MeshGateway.Conf": { + "properties": { + "listeners": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener" + }, + "type": "array", + "description": "Listeners define logical endpoints that are bound on this MeshGateway's address(es)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the desired state of MeshGateway. Aligns with MeshGatewaySpec." + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener": { + "properties": { + "hostname": { + "type": "string", + "description": "Hostname specifies the virtual hostname to match for protocol types that define this concept. 
When unspecified, \"\", or `*`, all hostnames are matched. This field can be omitted for protocols that don't require hostname based matching." + }, + "port": { + "type": "integer", + "description": "Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules." + }, + "protocol": { + "enum": [ + "NONE", + 0, + "TCP", + 1, + "TLS", + 3, + "HTTP", + 4, + "HTTPS", + 5 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Conf", + "additionalProperties": true, + "description": "TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\" and ignored otherwise." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags specifies a unique combination of tags that routes can use to match themselves to this listener. When matching routes to listeners, the control plane constructs a set of matching tags for each listener by forming the union of the gateway tags and the listener tags. A route will be attached to the listener if all of the route's tags are preset in the matching tags" + }, + "crossMesh": { + "type": "boolean", + "description": "CrossMesh enables traffic to flow to this listener only from other meshes." + }, + "resources": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener.Resources", + "additionalProperties": true, + "description": "Resources is used to specify listener-specific resource settings." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener" + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener.Resources": { + "properties": { + "connection_limit": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Resources" + }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Conf": { + "properties": { + "mode": { + "enum": [ + "NONE", + 0, + "TERMINATE", + 1, + "PASSTHROUGH", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "certificates": { + "items": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource" + }, + "type": "array", + "description": "Certificates is an array of datasources that contain TLS certificates and private keys. Each datasource must contain a sequence of PEM-encoded objects. The server certificate and private key are required, but additional certificates are allowed and will be added to the certificate chain. The server certificate must be the first certificate in the datasource. When multiple certificate datasources are configured, they must have different key types. In practice, this means that one datasource should contain an RSA key and certificate, and the other an ECDSA key and certificate." + }, + "options": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Options", + "additionalProperties": true, + "description": "Options should eventually configure how TLS is configured. This is where cipher suite and version configuration can be specified, client certificates enforced, and so on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Aligns with MeshGatewayTLSConfig." 
+ }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Options": { + "additionalProperties": true, + "type": "object", + "title": "Options", + "description": "TODO(jpeach)" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." + }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." + }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/MeshGatewayRoute.json b/app/assets/2.4.x/raw/protos/MeshGatewayRoute.json new file mode 100644 index 000000000..1ccb5b377 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/MeshGatewayRoute.json 
@@ -0,0 +1,442 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGatewayRoute", + "definitions": { + "MeshGatewayRoute": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is used to match this resource to MeshGateway listener." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Conf", + "additionalProperties": true, + "description": "Conf specifies the route configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway Route" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Backend": { + "properties": { + "weight": { + "type": "integer", + "description": "Weight is the proportion of requests this backend will receive when a forwarding rules specifies multiple backends. Traffic weight is computed as \"weight/sum(all weights)\". A weight of 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Destination is a selector to match the individual endpoints to which the gateway will forward." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Backend", + "description": "Backend selects a target for HTTP request forwarding." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Conf": { + "properties": { + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute", + "additionalProperties": true, + "title": "TlsRoute tls = 3;", + "description": "TlsRoute tls = 3;" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Hostnames lists the server names for which this route is valid. The hostnames are matched against the TLS Server Name Indication extension if this is a TLS session. They are also matched against the HTTP host (authority) header in the client's HTTP request." + }, + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule" + }, + "type": "array", + "description": "Rules specifies how the gateway should match and process HTTP requests." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Route", + "description": "HTTP routes are valid for listeners that accept HTTP/1.1 and HTTP/2 over both TCP and TLS." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter": { + "properties": { + "request_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + }, + "mirror": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror", + "additionalProperties": true + }, + "redirect": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect", + "additionalProperties": true + }, + "rewrite": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + }, + "response_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter": { + "properties": { + "set": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "remove": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror": { + "properties": { + "backend": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend", + "additionalProperties": true, + "description": "Backend denotes the service to which requests will be mirrored. 
The \"weight\" field must not be given." + }, + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage specifies the percentage of requests to mirror to the backend (in the range 0.0 - 100.0, inclusive)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mirror", + "description": "The mirror filter sends a percentage of HTTP requests to the given backend. The gateway ignores any responses to these requests." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect": { + "properties": { + "scheme": { + "type": "string", + "description": "The scheme for the redirect URL. Usually \"http\" or \"https\"." + }, + "hostname": { + "type": "string", + "description": "The hostname to redirect to." + }, + "port": { + "type": "integer", + "description": "The port to redirect to." + }, + "status_code": { + "type": "integer", + "description": "The HTTP response status code. This must be in the range 300 - 308." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Redirect", + "description": "The redirect filter responds to the HTTP request immediately, without forwarding it to any backend. The response is a HTTP redirect message." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite": { + "properties": { + "replace_full": { + "type": "string" + }, + "replace_prefix_match": { + "type": "string", + "description": "Note that rewriting \"/prefix\" to \"/\" will do the right thing: - the path \"/prefix\" is rewritten to \"/\" - the path \"/prefix/rest\" is rewritten to \"/rest\"" + }, + "host_to_backend_hostname": { + "type": "boolean", + "description": "Option to indicate that during forwarding, the host header should be swapped with the hostname of the upstream host chosen by the Envoy's cluster manager. 
BE AWARE: - it's mutually exclusive with request_header filter which explicitly replaces \"host\" header" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rewrite" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path", + "additionalProperties": true + }, + "method": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header" + }, + "type": "array" + }, + "query_parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match specifies the criteria for when a HTTP request matches a rule. The match is only considered successful if all of the specified conditions succeed (AND semantics). At least one match condition must be given." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1, + "ABSENT", + 2, + "PRESENT", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the HTTP header containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the HTTP header value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header", + "description": "Header matches a value in a HTTP request header. 
Not that if the header is defined to have multiple values, a REGEX match must be used to match a specific value." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "PREFIX", + 1, + "REGEX", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "value": { + "minLength": 1, + "type": "string", + "description": "Value is the path to match against. For EXACT and PREFIX match types, it must be a HTTP URI path. For the REGEX match type, it must be a RE2 regular expression. Note that a PREFIX match succeeds only if the prefix is the the entire path or is followed by a /. I.e. a prefix of the path in terms of path elements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path matches may be \"EXACT\", \"PREFIX\", or \"REGEX\" matches. If the match type is not specified, \"EXACT\" is the default." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the query parameter containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the query parameter value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Query", + "description": "Query matches against HTTP request query parameters." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule": { + "properties": { + "matches": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match" + }, + "type": "array", + "description": "Matches are checked in order. If any match is successful, the rule is selected (OR semantics)." 
+ }, + "filters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter" + }, + "type": "array", + "description": "Filters are request processing steps that are applied to matched requests. If the redirect filter is specified, it must be the only filter given." + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array", + "description": "Backends is the set of services to which the gateway will forward requests. If a redirect filter is specified, no backends are allowed. Otherwise, at least one backend must be given." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute": { + "properties": { + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Route", + "description": "TCP routes are valid for listeners that accept connections over TCP." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule": { + "properties": { + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule", + "description": "repeated Match matches = 1;" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/MeshInsight.json b/app/assets/2.4.x/raw/protos/MeshInsight.json new file mode 100644 index 000000000..36b0d45fc 
--- /dev/null +++ b/app/assets/2.4.x/raw/protos/MeshInsight.json 
@@ -0,0 +1,153 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshInsight", + "definitions": { + "MeshInsight": { + "properties": { + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "policies": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.PolicyStat", + "additionalProperties": true + }, + "type": "object" + }, + "dpVersions": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DpVersions", + "additionalProperties": true + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.MTLS", + "additionalProperties": true, + "description": "mTLS statistics" + }, + "services": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.ServiceStat", + "additionalProperties": true + }, + "dataplanesByType": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplanesByType", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Insight", + "description": "MeshInsight defines the observed state of a Mesh." 
+ }, + "kuma.mesh.v1alpha1.MeshInsight.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + }, + "partially_degraded": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat", + "description": "DataplaneStat defines statistic specifically for Dataplane" + }, + "kuma.mesh.v1alpha1.MeshInsight.DataplanesByType": { + "properties": { + "standard": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplanes By Type", + "description": "DataplanesByType defines statistics splitted by dataplane types" + }, + "kuma.mesh.v1alpha1.MeshInsight.DpVersions": { + "properties": { + "kumaDp": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by KumaDP version" + }, + "envoy": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by Envoy version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Versions", + "description": "DpVersions defines statistics grouped by dataplane versions" + }, + "kuma.mesh.v1alpha1.MeshInsight.MTLS": { + "properties": { + "issuedBackends": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by issued backends." 
+ }, + "supportedBackends": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by supported backends." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS" + }, + "kuma.mesh.v1alpha1.MeshInsight.PolicyStat": { + "properties": { + "total": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Policy Stat", + "description": "PolicyStat defines statistic for all policies in general" + }, + "kuma.mesh.v1alpha1.MeshInsight.ServiceStat": { + "properties": { + "total": { + "type": "integer" + }, + "internal": { + "type": "integer" + }, + "external": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Stat", + "description": "ServiceStat defines statistics of mesh services" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Message.json b/app/assets/2.4.x/raw/protos/Message.json new file mode 100644 index 000000000..f8fd4b1df --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Message.json 
@@ -0,0 +1,789 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Message", + "definitions": { + "Message": { + "properties": { + "legacy_request": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryRequest", + "additionalProperties": true + }, + "legacy_response": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryResponse", + "additionalProperties": true + }, + "request": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryRequest", + "additionalProperties": true + }, + "response": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryResponse", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Message" + }, + "envoy.api.v2.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.api.v2.core.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. 
The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_api_msg_DiscoveryResponse\u003e` failed to update configuration. The *message* field in *error_details* provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 7]" + }, + "envoy.api.v2.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." 
+ }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. 
Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. 
When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. - Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.api.v2.core.ControlPlane", + "additionalProperties": true, + "description": "[#not-implemented-hide:] The control plane instance that sent the response." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.api.v2.core.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.api.v2.core.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.api.v2.core.Pipe", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.api.v2.core.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.api.v2.core.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.api.v2.core.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. 
envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 6]" + }, + "envoy.api.v2.core.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_api_field_core.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_api_field_endpoint.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. 
`Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.api.v2.core.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_api_field_core.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_api_msg_config.bootstrap.v2.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." 
+ }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "locality": { + "$ref": "#/definitions/envoy.api.v2.core.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "build_version": { + "type": "string", + "description": "This is motivated by informing a management server during canary which version of Envoy is being tested in a heterogeneous fleet. This will be set by Envoy in management server RPCs. This field is deprecated in favor of the user_agent_name and user_agent_version values." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example `com.acme.feature`. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 12]" + }, + "envoy.api.v2.core.Pipe": { + "properties": { + "path": { + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.api.v2.core.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_api_msg_listener.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_api_msg_core.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_api_msg_Cluster\u003e`, the cluster type determines whether the address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.config.core.v3.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.config.core.v3.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.config.core.v3.Pipe", + "additionalProperties": true + }, + "envoy_internal_address": { + "$ref": "#/definitions/envoy.config.core.v3.EnvoyInternalAddress", + "additionalProperties": true, + "description": "Specifies a user-space address handled by :ref:`internal listeners \u003cenvoy_v3_api_field_config.listener.v3.Listener.internal_listener\u003e`." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.config.core.v3.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.v3.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.config.core.v3.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.config.core.v3.EnvoyInternalAddress": { + "properties": { + "server_listener_name": { + "type": "string", + "description": "Specifies the :ref:`name \u003cenvoy_v3_api_field_config.listener.v3.Listener.name\u003e` of the internal listener." + }, + "endpoint_id": { + "type": "string", + "description": "Specifies an endpoint identifier to distinguish between multiple endpoints for the same internal listener in a single upstream pool. Only used in the upstream addresses for tracking changes to individual endpoints. This, for example, may be set to the final destination IP for the target internal listener." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Internal Address", + "description": "The address represents an envoy internal listener. [#comment: TODO(asraa): When address available, remove workaround from test/server/server_fuzz_test.cc:30.]" + }, + "envoy.config.core.v3.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] 
[#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + }, + "type_urls": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Type URLs of extension configuration protos." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 7]" + }, + "envoy.config.core.v3.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_v3_api_field_config.core.v3.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. `Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.config.core.v3.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_v3_api_msg_config.bootstrap.v3.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "dynamic_parameters": { + "additionalProperties": { + "$ref": "#/definitions/xds.core.v3.ContextParams", + "additionalProperties": true + }, + "type": "object", + "description": "Map from xDS resource type URL to dynamic context parameters. 
These may vary at runtime (unlike other fields in this message). For example, the xDS client may have a shard identifier that changes during the lifetime of the xDS client. In Envoy, this would be achieved by updating the dynamic context on the Server::Instance's LocalInfo context provider. The shard ID dynamic parameter then appears in this field during future discovery requests." + }, + "locality": { + "$ref": "#/definitions/envoy.config.core.v3.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example ``com.acme.feature``. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress ``(0.0.0.0,80)``. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 13]" + }, + "envoy.config.core.v3.Pipe": { + "properties": { + "path": { + "minLength": 1, + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.config.core.v3.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "minLength": 1, + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_v3_api_msg_config.listener.v3.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_v3_api_msg_config.core.v3.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_v3_api_msg_config.cluster.v3.Cluster\u003e`, the cluster type determines whether the address must be an IP (``STATIC`` or ``EDS`` clusters) or a hostname resolved by DNS (``STRICT_DNS`` or ``LOGICAL_DNS`` clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with ``STRICT_DNS`` or ``LOGICAL_DNS`` will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.config.core.v3.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "resource_locators": { + "items": { + "$ref": "#/definitions/envoy.service.discovery.v3.ResourceLocator" + }, + "type": "array", + "description": "[#not-implemented-hide:] Alternative to ``resource_names`` field that allows specifying dynamic parameters along with each resource name. Clients that populate this field must be able to handle responses from the server where resources are wrapped in a Resource message. Note that it is legal for a request to have some resources listed in ``resource_names`` and others in ``resource_locators``." 
+ }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_v3_api_msg_service.discovery.v3.DiscoveryResponse\u003e` failed to update configuration. The ``message`` field in ``error_details`` provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Request", + "description": "A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 8]" + }, + "envoy.service.discovery.v3.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." + }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. 
The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. 
- Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.config.core.v3.ControlPlane", + "additionalProperties": true, + "description": "The control plane instance that sent the response." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.ResourceLocator": { + "properties": { + "name": { + "type": "string", + "description": "The resource name to subscribe to." + }, + "dynamic_parameters": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "A set of dynamic parameters used to match against the dynamic parameter constraints on the resource. This allows clients to select between multiple variants of the same resource." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] Specifies a resource to be subscribed to." + }, + "envoy.type.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic Version]", + "description": "[#protodoc-title: Semantic Version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "envoy.type.v3.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic version]", + "description": "[#protodoc-title: Semantic version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "google.rpc.Status": { + "properties": { + "code": { + "type": "integer", + "description": "The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]." + }, + "message": { + "type": "string", + "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client." + }, + "details": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. 
This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Status", + "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. 
You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors)." + }, + "xds.core.v3.ContextParams": { + "properties": { + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Context Params", + "description": "Additional parameters that can be used to select resource variants. These include any global context parameters, per-resource type client feature capabilities and per-resource type functional attributes. All per-resource type attributes will be `xds.resource.` prefixed and some of these are documented below: `xds.resource.listening_address`: The value is \"IP:port\" (e.g. \"10.1.1.3:8080\") which is the listening address of a Listener. Used in a Listener resource query." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Metrics.json b/app/assets/2.4.x/raw/protos/Metrics.json new file mode 100644 index 000000000..b3f79fe30 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Metrics.json 
@@ -0,0 +1,46 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Metrics", + "definitions": { + "Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/MetricsBackend.json b/app/assets/2.4.x/raw/protos/MetricsBackend.json new file mode 100644 index 000000000..7ad44ef4b --- /dev/null +++ b/app/assets/2.4.x/raw/protos/MetricsBackend.json 
@@ -0,0 +1,27 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MetricsBackend", + "definitions": { + "MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Networking.json b/app/assets/2.4.x/raw/protos/Networking.json new file mode 100644 index 000000000..771fcb1fc --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Networking.json @@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Networking", + "definitions": { + "Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + "passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/PrometheusAggregateMetricsConfig.json b/app/assets/2.4.x/raw/protos/PrometheusAggregateMetricsConfig.json new file mode 100644 index 000000000..4e5a51414 
--- /dev/null +++ b/app/assets/2.4.x/raw/protos/PrometheusAggregateMetricsConfig.json @@ -0,0 +1,35 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusAggregateMetricsConfig", + "definitions": { + "PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." + }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." + }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/PrometheusEnvoyConfig.json b/app/assets/2.4.x/raw/protos/PrometheusEnvoyConfig.json new file mode 100644 index 000000000..a438ec589 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/PrometheusEnvoyConfig.json 
@@ -0,0 +1,23 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusEnvoyConfig", + "definitions": { + "PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/PrometheusMetricsBackendConfig.json b/app/assets/2.4.x/raw/protos/PrometheusMetricsBackendConfig.json new file mode 100644 index 000000000..05701962e --- /dev/null +++ b/app/assets/2.4.x/raw/protos/PrometheusMetricsBackendConfig.json 
@@ -0,0 +1,124 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusMetricsBackendConfig", + "definitions": { + "PrometheusMetricsBackendConfig": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this dataplane is deployed next to, e.g. service=web, version=1.0. `service` tag is mandatory." + }, + "skipMTLS": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then endpoints for scraping metrics won't require mTLS even if mTLS is enabled in Mesh. If nil, then it is treated as false." + }, + "aggregate": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig" + }, + "type": "array", + "description": "Map with the configuration of applications which metrics are going to be scrapped by kuma-dp." + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusEnvoyConfig", + "additionalProperties": true, + "description": "Configuration of Envoy's metrics." + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusTlsConfig", + "additionalProperties": true, + "description": "Configuration of TLS for prometheus listener." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Metrics Backend Config", + "description": "PrometheusMetricsBackendConfig defines configuration of Prometheus backend" + }, + "kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." 
+ }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." + }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + }, + "kuma.mesh.v1alpha1.PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." 
+ }, + "kuma.mesh.v1alpha1.PrometheusTlsConfig": { + "properties": { + "mode": { + "enum": [ + "activeMTLSBackend", + 0, + "providedTLS", + 1, + "disabled", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Tls Config", + "description": "PrometheusEnvoyConfig defines Tls configuration for Prometheus listener." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/PrometheusTlsConfig.json b/app/assets/2.4.x/raw/protos/PrometheusTlsConfig.json new file mode 100644 index 000000000..90e6ee974 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/PrometheusTlsConfig.json @@ -0,0 +1,33 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusTlsConfig", + "definitions": { + "PrometheusTlsConfig": { + "properties": { + "mode": { + "enum": [ + "activeMTLSBackend", + 0, + "providedTLS", + 1, + "disabled", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Tls Config", + "description": "PrometheusEnvoyConfig defines Tls configuration for Prometheus listener." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ProxyTemplate.json b/app/assets/2.4.x/raw/protos/ProxyTemplate.json new file mode 100644 index 000000000..047ef6f39 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ProxyTemplate.json 
@@ -0,0 +1,339 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplate", + "definitions": { + "ProxyTemplate": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of Dataplane selectors." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Conf", + "additionalProperties": true, + "description": "Configuration for ProxyTemplate" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template", + "description": "ProxyTemplate defines the desired state of ProxyTemplate" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Conf": { + "properties": { + "imports": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of imported profiles. +optional" + }, + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + }, + "modifications": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications" + }, + "type": "array", + "description": "List of config modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications": { + "properties": { + "cluster": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster", + "additionalProperties": true, + "description": "Cluster modification" + }, + "listener": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener", + "additionalProperties": true, + "description": "Listener modification" + }, + "networkFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter", + "additionalProperties": true, + "description": "Network Filter modification" + }, + "httpFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter", + "additionalProperties": true, + "description": "HTTP Filter modification" + }, + "virtualHost": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost", + "additionalProperties": true, + "description": "Virtual Host modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modifications", + "description": "Modifications to xDS config generated by Proxy Template" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match", + "additionalProperties": true, + "description": "Only clusters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a cluster (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Cluster", + "description": "Cluster 
defines modifications to generated clusters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. (inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the cluster to match" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for cluster" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match", + "additionalProperties": true, + "description": "Only HTTP filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS HTTP filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Filter", + "description": "HttpFilter defines modifications to generated HTTP filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that http filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for http filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match", + "additionalProperties": true, + "description": "Only listeners that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a listener (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS listener" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener", + "description": "Listener defines modification to generated listeners" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the listener to match" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for listener" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match", + "additionalProperties": true, + "description": "Only network filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS network filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Network Filter", + "description": "Listener defines modification to generated network filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that network filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for network filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match", + "additionalProperties": true, + "description": "Only virtual hosts that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a virtual hosts (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS virtual host" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Host", + "description": "VirtualHost defines modification to generated virtual hosts" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the virtual host to match" + }, + "routeConfigurationName": { + "type": "string", + "description": "Name of the route configuration" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for virtual host" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ProxyTemplateProfileSource.json b/app/assets/2.4.x/raw/protos/ProxyTemplateProfileSource.json new file mode 100644 index 000000000..e6e130768 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ProxyTemplateProfileSource.json 
@@ -0,0 +1,24 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateProfileSource", + "definitions": { + "ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ProxyTemplateRawResource.json b/app/assets/2.4.x/raw/protos/ProxyTemplateRawResource.json new file mode 100644 index 000000000..a990ff764 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ProxyTemplateRawResource.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawResource", + "definitions": { + "ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ProxyTemplateRawSource.json b/app/assets/2.4.x/raw/protos/ProxyTemplateRawSource.json new file mode 100644 index 000000000..c7ac8bb49 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ProxyTemplateRawSource.json 
@@ -0,0 +1,39 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawSource", + "definitions": { + "ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ProxyTemplateSource.json b/app/assets/2.4.x/raw/protos/ProxyTemplateSource.json new file mode 100644 index 000000000..d5a244749 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ProxyTemplateSource.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateSource", + "definitions": { + "ProxyTemplateSource": { + "properties": { + "name": { + "type": "string", + "description": "Name of a configuration source. +optional" + }, + "profile": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateProfileSource", + "additionalProperties": true, + "description": "Profile, e.g. `default-proxy`. +optional" + }, + "raw": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawSource", + "additionalProperties": true, + "description": "Raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/RateLimit.json b/app/assets/2.4.x/raw/protos/RateLimit.json new file mode 100644 index 000000000..afb09cba1 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/RateLimit.json 
@@ -0,0 +1,120 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/RateLimit", + "definitions": { + "RateLimit": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that rate limit will be applied for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be rate limited." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf", + "additionalProperties": true, + "description": "Configuration for RateLimit +required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http", + "additionalProperties": true, + "description": "The HTTP RateLimit configuration +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http": { + "properties": { + "requests": { + "type": "integer", + "description": "The number of HTTP requests this RateLimiter allows +required" + }, + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The the interval for which `requests` will be accounted. 
+required", + "format": "regex" + }, + "onRateLimit": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit", + "additionalProperties": true, + "description": "Describes the actions to take on RatelLimiter event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit": { + "properties": { + "status": { + "additionalProperties": true, + "type": "integer", + "description": "The HTTP status code to be set on a RateLimit event +optional" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue" + }, + "type": "array", + "description": "The Headers to be added to the HTTP response on a RateLimit event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "On Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +optional" + }, + "value": { + "type": "string", + "description": "Header value +optional" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "Should the header be appended +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Retry.json b/app/assets/2.4.x/raw/protos/Retry.json new file mode 100644 index 000000000..913d8f6b2 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Retry.json 
@@ -0,0 +1,224 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Retry", + "definitions": { + "Retry": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that retry policy should be configured for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf", + "additionalProperties": true, + "description": "+required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Retry" + }, + "kuma.mesh.v1alpha1.Retry.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Http", + "additionalProperties": true + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Tcp", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Grpc", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Retry.Conf.BackOff": { + "properties": { + "base_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+required", + "format": "regex" + }, + "max_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Back Off" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Grpc": { + "properties": { + "retry_on": { + "items": { + "enum": [ + "cancelled", + 0, + "deadline_exceeded", + 1, + "internal", + 2, + "resource_exhausted", + 3, + "unavailable", + 4 + ] + }, + "type": "array", + "title": "Retry On" + }, + "num_retries": { + 
"additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Http": { + "properties": { + "num_retries": { + "additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + }, + "retriable_status_codes": { + "items": { + "type": "integer" + }, + "type": "array", + "description": "+optional" + }, + "retriable_methods": { + "items": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ] + }, + "type": "array", + "title": "Http Method" + }, + "retry_on": { + "items": { + "enum": [ + "all_5xx", + 0, + "gateway_error", + 1, + "reset", + 2, + "connect_failure", + 3, + "envoy_ratelimited", + 4, + "retriable_4xx", + 5, + "refused_stream", + 6, + "retriable_status_codes", + 7, + "retriable_headers", + 8, + "http3_post_connect_failure", + 9 + ] + }, + "type": "array", + "title": "Http Retry On", + "description": "These options correspond with the retry_on options in Envoy's documentation: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + 
"kuma.mesh.v1alpha1.Retry.Conf.Tcp": { + "properties": { + "max_connect_attempts": { + "type": "integer", + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Routing.json b/app/assets/2.4.x/raw/protos/Routing.json new file mode 100644 index 000000000..858a02b0b --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Routing.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Routing", + "definitions": { + "Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Selector.json b/app/assets/2.4.x/raw/protos/Selector.json new file mode 100644 index 000000000..91f0fe4af --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Selector.json 
@@ -0,0 +1,21 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Selector", + "definitions": { + "Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ServiceInsight.json b/app/assets/2.4.x/raw/protos/ServiceInsight.json new file mode 100644 index 000000000..21a33e559 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ServiceInsight.json 
@@ -0,0 +1,100 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ServiceInsight", + "definitions": { + "ServiceInsight": { + "properties": { + "services": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service", + "additionalProperties": true + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Insight" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service": { + "properties": { + "status": { + "enum": [ + "none", + 0, + "offline", + 1, + "partially_degraded", + 2, + "online", + 3, + "not_available", + 4 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Status" + }, + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat", + "additionalProperties": true + }, + "issuedBackends": { + "additionalProperties": { + "type": "integer" + }, + "type": "object" + }, + "serviceType": { + "enum": [ + "internal", + 0, + "external", + 1, + "gateway_delegated", + 2, + "gateway_builtin", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Type" + }, + "addressPort": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/StatsRequest.json b/app/assets/2.4.x/raw/protos/StatsRequest.json new file mode 100644 index 000000000..a94577050 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/StatsRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsRequest", + "definitions": { + "StatsRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp stats request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp stats request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Request", + "description": "StatsRequest is a request for kuma-dp stats that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/StatsResponse.json b/app/assets/2.4.x/raw/protos/StatsResponse.json new file mode 100644 index 000000000..e64f5f98c --- /dev/null +++ b/app/assets/2.4.x/raw/protos/StatsResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsResponse", + "definitions": { + "StatsResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp stats request." + }, + "stats": { + "type": "string", + "description": "The stats content that is a successful result of kuma-dp stats execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Response", + "description": "StatsResponse is a response containing result of kuma-dp stats execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/TcpLoggingBackendConfig.json b/app/assets/2.4.x/raw/protos/TcpLoggingBackendConfig.json new file mode 100644 index 000000000..ce4ae7037 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/TcpLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TcpLoggingBackendConfig", + "definitions": { + "TcpLoggingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address to TCP service that will receive logs" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Logging Backend Config", + "description": "TcpLoggingBackendConfig defines configuration for TCP based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Timeout.json b/app/assets/2.4.x/raw/protos/Timeout.json new file mode 100644 index 000000000..e6d1694c2 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Timeout.json 
@@ -0,0 +1,138 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Timeout", + "definitions": { + "Timeout": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Timeout" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.Timeout.Conf": { + "properties": { + "connect_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "ConnectTimeout defines time to establish connection", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Http", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Grpc", + "additionalProperties": true, + "description": "Deprecated: set parameters through Http section" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Grpc": { + "properties": { + "stream_idle_timeout": { + "pattern": 
"^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity Deprecated: use Http.StreamIdleTimeout instead", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span Deprecated: use Http.MaxStreamDuration instead", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc", + "description": "Grpc defines timeouts that are applied when the protocol is GRPC" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Http": { + "properties": { + "request_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "RequestTimeout is a span between the point at which the entire downstream request (i.e. end-of-stream) has been processed and when the upstream response has been completely processed", + "format": "regex" + }, + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is the time at which a downstream or upstream connection will be terminated if there are no active streams", + "format": "regex" + }, + "stream_idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines timeouts that are applied when the protocol is HTTP" + }, + 
"kuma.mesh.v1alpha1.Timeout.Conf.Tcp": { + "properties": { + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is defined as the period in which there are no bytes sent or received on either the upstream or downstream connection", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines timeouts that are applied when the protocol is TCP" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Tracing.json b/app/assets/2.4.x/raw/protos/Tracing.json new file mode 100644 index 000000000..b7cc2dbef --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Tracing.json 
@@ -0,0 +1,51 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Tracing", + "definitions": { + "Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/TracingBackend.json b/app/assets/2.4.x/raw/protos/TracingBackend.json new file mode 100644 index 000000000..4bf433707 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/TracingBackend.json 
@@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TracingBackend", + "definitions": { + "TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/TrafficLog.json b/app/assets/2.4.x/raw/protos/TrafficLog.json new file mode 100644 index 000000000..62a817926 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/TrafficLog.json 
@@ -0,0 +1,60 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficLog", + "definitions": { + "TrafficLog": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficLog.Conf", + "additionalProperties": true, + "description": "Configuration of the logging." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Log", + "description": "TrafficLog defines log for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficLog.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the logging." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/TrafficPermission.json b/app/assets/2.4.x/raw/protos/TrafficPermission.json new file mode 100644 index 000000000..5c9068126 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/TrafficPermission.json 
@@ -0,0 +1,43 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficPermission", + "definitions": { + "TrafficPermission": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Permission", + "description": "TrafficPermission defines permission for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/TrafficRoute.json b/app/assets/2.4.x/raw/protos/TrafficRoute.json new file mode 100644 index 000000000..c10979152 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/TrafficRoute.json 
@@ -0,0 +1,390 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficRoute", + "definitions": { + "TrafficRoute": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match data plane proxies that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic. Notice the difference between sources and destinations. While the source of traffic is always a data plane proxy within a mesh, the destination is a service that could be either within or outside of a mesh." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Conf", + "additionalProperties": true, + "description": "Configuration for the route." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Route", + "description": "TrafficRoute defines routing rules for the traffic in the mesh." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Conf": { + "properties": { + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." 
+ }, + "load_balancer": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer", + "additionalProperties": true, + "description": "Load balancer configuration for given \"split\" or \"destination\"" + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + }, + "http": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http" + }, + "type": "array", + "description": "Configuration of HTTP traffic. Traffic is matched one by one with the order defined in the list. If the request does not match any criteria then \"split\" or \"destination\" outside of \"http\" section is executed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the destination configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match", + "additionalProperties": true, + "description": "If request matches against defined criteria then \"split\" or \"destination\" is executed." + }, + "modify": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify", + "additionalProperties": true, + "description": "Modifications to the traffic matched by the match section." + }, + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines configuration for HTTP traffic." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match": { + "properties": { + "method": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Method matches method of HTTP request." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Path matches HTTP path." + }, + "headers": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true + }, + "type": "object", + "description": "Headers match HTTP request headers." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines a series of matching criteria to apply modification and reroute the traffic." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher": { + "properties": { + "prefix": { + "type": "string", + "description": "Prefix matches the string against defined prefix." + }, + "exact": { + "type": "string", + "description": "Exact checks that strings are equal to each other." + }, + "regex": { + "type": "string", + "description": "Regex checks the string using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + } + }, + "additionalProperties": true, + "type": "object", + "title": "String Matcher", + "description": "StringMatcher matches the string value." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path", + "additionalProperties": true, + "description": "Path modifications." + }, + "host": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host", + "additionalProperties": true, + "description": "Host modifications." 
+ }, + "requestHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Request headers modifications." + }, + "responseHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Response headers modifications." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modify", + "description": "Modify defines modifications of matched HTTP messages." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers": { + "properties": { + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add" + }, + "type": "array", + "description": "List of add header operations." + }, + "remove": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove" + }, + "type": "array", + "description": "List of remove header operations." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Headers", + "description": "Headers defines modification of HTTP headers." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header." + }, + "value": { + "type": "string", + "description": "Value of the header." + }, + "append": { + "type": "boolean", + "description": "If true, it appends the value if there is already a value. Otherwise, value of existing header will be replaced." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Add", + "description": "Add defines operation of adding new HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header to remove." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Remove", + "description": "Remove defines operation of removing an HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host": { + "properties": { + "value": { + "type": "string", + "description": "Value replaces the host header with given value." + }, + "fromPath": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "FromPath replaces the host header from path using regex." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Host", + "description": "Host defines modification of the HTTP Host header" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path": { + "properties": { + "rewritePrefix": { + "type": "string", + "description": "RewritePrefix rewrites previously matched prefix in match section." + }, + "regex": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "Regex rewrites prefix using regex with substitution." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path defines modification of path of the HTTP request." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace": { + "properties": { + "pattern": { + "type": "string", + "description": "Pattern of the regex using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + }, + "substitution": { + "type": "string", + "description": "Substitution using regex groups. E.g. use \\\\1 as a first matched group." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Regex Replace", + "description": "RegexReplace defines a way to match string using regex and build a new one using substitution section." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer": { + "properties": { + "round_robin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin", + "additionalProperties": true + }, + "least_request": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest", + "additionalProperties": true + }, + "ring_hash": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash", + "additionalProperties": true + }, + "random": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random", + "additionalProperties": true + }, + "maglev": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Load Balancer", + "description": "LoadBalancer defines the load balancing policy and configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest": { + "properties": { + "choice_count": { + "type": "integer", + "description": "The number of random healthy hosts from which the host with the fewest active requests will be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Least Request", + "description": "LeastRequest uses different algorithms depending on whether hosts have the same or different weights." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev": { + "additionalProperties": true, + "type": "object", + "title": "Maglev", + "description": "Maglev implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random": { + "additionalProperties": true, + "type": "object", + "title": "Random", + "description": "Random selects a random available host." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash": { + "properties": { + "hash_function": { + "type": "string", + "description": "The hash function used to hash hosts onto the ketama ring. The value defaults to 'XX_HASH'." + }, + "min_ring_size": { + "type": "string", + "description": "Minimum hash ring size." + }, + "max_ring_size": { + "type": "string", + "description": "Maximum hash ring size." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Ring Hash", + "description": "RingHash implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin": { + "additionalProperties": true, + "type": "object", + "title": "Round Robin", + "description": "RoundRobin is a simple policy in which each available upstream host is selected in round robin order." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Split": { + "properties": { + "weight": { + "additionalProperties": true, + "type": "integer", + "description": "Weight assigned to that destination. Weights are not percentages. For example two destinations with weights the same weight \"1\" will receive both same amount of the traffic. 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Selector to match individual endpoints that comprise that destination. Notice that an endpoint can be either inside or outside the mesh. In the former case an endpoint corresponds to a data plane proxy, in the latter case an endpoint is an External Service." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Split", + "description": "Split defines a destination with a weight assigned to it." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/TrafficTrace.json b/app/assets/2.4.x/raw/protos/TrafficTrace.json new file mode 100644 index 000000000..d4f0859c5 --- /dev/null 
+++ b/app/assets/2.4.x/raw/protos/TrafficTrace.json @@ -0,0 +1,53 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficTrace", + "definitions": { + "TrafficTrace": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficTrace.Conf", + "additionalProperties": true, + "description": "Configuration of the tracing." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Trace", + "description": "TrafficTrace defines trace configuration for selected dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficTrace.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the tracing." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/Version.json b/app/assets/2.4.x/raw/protos/Version.json new file mode 100644 index 000000000..b7fbce902 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/Version.json 
@@ -0,0 +1,79 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Version", + "definitions": { + "Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of 
Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/VirtualOutbound.json b/app/assets/2.4.x/raw/protos/VirtualOutbound.json new file mode 100644 index 000000000..6f79a1ed5 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/VirtualOutbound.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/VirtualOutbound", + "definitions": { + "VirtualOutbound": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that this policy applies to" + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Outbound", + "description": "VirtualOutbound defines how to generate hostname ports combination." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf": { + "properties": { + "host": { + "type": "string", + "description": "Host the gotemplate to generate the hostname from the Parameters map" + }, + "port": { + "type": "string", + "description": "Port the gotemplate to generate the port from the Parameters map" + }, + "parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter" + }, + "type": "array", + "description": "Parameters a mapping between tag keys and template parameter key. This must always contain at least `kuma.io/service`" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter": { + "properties": { + "name": { + "type": "string", + "description": "Name the name of the template parameter (must be alphanumeric)." 
+ }, + "tag_key": { + "type": "string", + "description": "TagKey the name of the tag in the Kuma outbound (optional if absent it will use Name)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Template Parameter", + "description": "A mapping between a template parameter and a dataplane outbound tag name." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/XDSConfigRequest.json b/app/assets/2.4.x/raw/protos/XDSConfigRequest.json new file mode 100644 index 000000000..1ea4641e7 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/XDSConfigRequest.json @@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigRequest", + "definitions": { + "XDSConfigRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute config dump." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute config dump. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Request", + "description": "XDSConfigRequest is a request for XDS Config Dump that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/XDSConfigResponse.json b/app/assets/2.4.x/raw/protos/XDSConfigResponse.json new file mode 100644 index 000000000..d6d64774a --- /dev/null +++ b/app/assets/2.4.x/raw/protos/XDSConfigResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigResponse", + "definitions": { + "XDSConfigResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing XDS Config Dump." + }, + "config": { + "type": "string", + "description": "The XDS Config that is a successful result of XDS Config dump execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Response", + "description": "XDSConfigRequest is a response containing result of XDS Config Dump execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ZipkinTracingBackendConfig.json b/app/assets/2.4.x/raw/protos/ZipkinTracingBackendConfig.json new file mode 100644 index 000000000..ab2dd42ae --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ZipkinTracingBackendConfig.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZipkinTracingBackendConfig", + "definitions": { + "ZipkinTracingBackendConfig": { + "properties": { + "url": { + "type": "string", + "description": "Address of Zipkin collector." + }, + "traceId128bit": { + "type": "boolean", + "description": "Generate 128bit traces. Default: false" + }, + "apiVersion": { + "type": "string", + "description": "Version of the API. values: httpJson, httpJsonV1, httpProto. Default: httpJson see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/trace.proto#envoy-v3-api-enum-config-trace-v3-zipkinconfig-collectorendpointversion" + }, + "sharedSpanContext": { + "additionalProperties": true, + "type": "boolean", + "description": "Determines whether client and server spans will share the same span context. Default: true. https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/zipkin.proto#config-trace-v3-zipkinconfig" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zipkin Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ZoneEgress.json b/app/assets/2.4.x/raw/protos/ZoneEgress.json new file mode 100644 index 000000000..b154ca74f --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ZoneEgress.json 
@@ -0,0 +1,54 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgress", + "definitions": { + "ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ZoneEgressInsight.json b/app/assets/2.4.x/raw/protos/ZoneEgressInsight.json new file mode 100644 index 000000000..9a5e7643e --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ZoneEgressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressInsight", + "definitions": { + "ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ZoneEgressOverview.json b/app/assets/2.4.x/raw/protos/ZoneEgressOverview.json new file mode 100644 index 000000000..7e2fe5983 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ZoneEgressOverview.json 
@@ -0,0 +1,258 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressOverview", + "definitions": { + "ZoneEgressOverview": { + "properties": { + "zoneEgress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress", + "additionalProperties": true + }, + "zoneEgressInsight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Overview", + "description": "ZoneEgressOverview defines the projected state of a ZoneEgress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." 
+ }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ZoneIngress.json b/app/assets/2.4.x/raw/protos/ZoneIngress.json new file mode 100644 index 000000000..0d613e59b --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ZoneIngress.json 
@@ -0,0 +1,95 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngress", + "definitions": { + "ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ZoneIngressInsight.json b/app/assets/2.4.x/raw/protos/ZoneIngressInsight.json new file mode 100644 index 000000000..4c6d25999 --- /dev/null 
+++ b/app/assets/2.4.x/raw/protos/ZoneIngressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressInsight", + "definitions": { + "ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.4.x/raw/protos/ZoneIngressOverview.json b/app/assets/2.4.x/raw/protos/ZoneIngressOverview.json new file mode 100644 index 000000000..5cf6ef549 --- /dev/null +++ b/app/assets/2.4.x/raw/protos/ZoneIngressOverview.json 
@@ -0,0 +1,299 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressOverview", + "definitions": { + "ZoneIngressOverview": { + "properties": { + "zone_ingress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress", + "additionalProperties": true + }, + "zone_ingress_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Overview", + "description": "ZoneIngressOverview defines the projected state of a ZoneIngress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/crds/kuma.io_circuitbreakers.yaml b/app/assets/2.5.x/raw/crds/kuma.io_circuitbreakers.yaml new file mode 100644 index 000000000..8a0af998e --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_circuitbreakers.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: circuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: CircuitBreaker + listKind: CircuitBreakerList + plural: circuitbreakers + singular: circuitbreaker + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma CircuitBreaker resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_containerpatches.yaml b/app/assets/2.5.x/raw/crds/kuma.io_containerpatches.yaml new file mode 100644 index 000000000..5fbde85cf --- /dev/null 
+++ b/app/assets/2.5.x/raw/crds/kuma.io_containerpatches.yaml 
@@ -0,0 +1,109 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: containerpatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ContainerPatch + listKind: ContainerPatchList + plural: containerpatches + singular: containerpatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ContainerPatch stores a list of patches to apply to init and + sidecar containers. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + type: string + metadata: + type: object + spec: + description: ContainerPatchSpec specifies the options available for a + ContainerPatch + properties: + initPatch: + description: InitPatch specifies jsonpatch to apply to an init container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. 
String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + sidecarPatch: + description: SidecarPatch specifies jsonpatch to apply to a sidecar + container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_dataplaneinsights.yaml b/app/assets/2.5.x/raw/crds/kuma.io_dataplaneinsights.yaml new file mode 100644 index 000000000..79a541f21 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_dataplaneinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: dataplaneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + status: + description: Status is the status the Kuma resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_dataplanes.yaml b/app/assets/2.5.x/raw/crds/kuma.io_dataplanes.yaml new file mode 100644 index 000000000..1f0088638 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_dataplanes.yaml 
@@ -0,0 +1,64 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: dataplanes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Dataplane + listKind: DataplaneList + plural: dataplanes + singular: dataplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Service tag of the first inbound + jsonPath: .spec.networking.inbound[0].tags['kuma\.io/service'] + name: kuma.io/service + type: string + - description: Service tag of the second inbound + jsonPath: .spec.networking.inbound[1].tags['kuma\.io/service'] + name: kuma.io/service + type: string + - description: Service tag of the third inbound + jsonPath: .spec.networking.inbound[2].tags['kuma\.io/service'] + name: kuma.io/service + priority: 1 + type: string + - description: Service tag of the fourth inbound + jsonPath: .spec.networking.inbound[3].tags['kuma\.io/service'] + name: kuma.io/service + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. 
+ type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Dataplane resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_externalservices.yaml b/app/assets/2.5.x/raw/crds/kuma.io_externalservices.yaml new file mode 100644 index 000000000..02be62004 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_externalservices.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: externalservices.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ExternalService + listKind: ExternalServiceList + plural: externalservices + singular: externalservice + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ExternalService resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true 
diff --git a/app/assets/2.5.x/raw/crds/kuma.io_faultinjections.yaml b/app/assets/2.5.x/raw/crds/kuma.io_faultinjections.yaml new file mode 100644 index 000000000..5eeef6418 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_faultinjections.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: faultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: FaultInjection + listKind: FaultInjectionList + plural: faultinjections + singular: faultinjection + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma FaultInjection resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_healthchecks.yaml b/app/assets/2.5.x/raw/crds/kuma.io_healthchecks.yaml new file mode 100644 index 000000000..c138c08e7 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_healthchecks.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: healthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: HealthCheck + listKind: HealthCheckList + plural: healthchecks + singular: healthcheck + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma HealthCheck resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshaccesslogs.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshaccesslogs.yaml new file mode 100644 index 000000000..411c1bb2c --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshaccesslogs.yaml 
@@ -0,0 +1,391 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be + written to + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: Attributes can contain placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + body: + description: Body is a raw string or an OTLP any + value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: Endpoint of OpenTelemetry collector. + An empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be + written to + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. 
+ properties: + attributes: + description: Attributes can contain placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + body: + description: Body is a raw string or an OTLP any + value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: Endpoint of OpenTelemetry collector. + An empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshcircuitbreakers.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshcircuitbreakers.yaml new file mode 100644 index 000000000..ffae58e55 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshcircuitbreakers.yaml 
@@ -0,0 +1,662 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshcircuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshCircuitBreaker + listKind: MeshCircuitBreakerList + plural: meshcircuitbreakers + singular: meshcircuitbreaker + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker + resource. 
+ properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. 
+ properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. 
+ format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' + properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. 
Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. 
The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. 
+ format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. 
Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. 
+ format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' 
+ properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. 
+ format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. 
+ type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshes.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshes.yaml new file mode 100644 index 000000000..7e1848086 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshes.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Mesh + listKind: MeshList + plural: meshes + singular: mesh + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Mesh resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshfaultinjections.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshfaultinjections.yaml new file mode 100644 index 000000000..be0a3a7ca --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshfaultinjections.yaml 
@@ -0,0 +1,198 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshfaultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshFaultInjection + listKind: MeshFaultInjectionList + plural: meshfaultinjections + singular: meshfaultinjection + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshFaultInjection + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + http: + description: Http allows to define list of Http faults between + dataplanes. + items: + description: FaultInjection defines the configuration + of faults between dataplanes. 
+ properties: + abort: + description: Abort defines a configuration of not + delivering requests to destination service and replacing + the responses from destination dataplane by predefined + status code + properties: + httpStatus: + description: HTTP status code which will be returned + to source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which abort + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: Delay defines configuration of delaying + a response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which delay + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + value: + description: The duration during which the response + will be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: ResponseBandwidth defines a configuration + to limit the speed of responding to the requests + properties: + limit: + description: Limit is represented by value measure + in gbps, mbps, kbps or bps, e.g. 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which response + bandwidth limit will be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshgatewayconfigs.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshgatewayconfigs.yaml new file mode 100644 index 000000000..38c169939 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshgatewayconfigs.yaml 
@@ -0,0 +1,204 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgatewayconfigs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayConfig + listKind: MeshGatewayConfigList + plural: meshgatewayconfigs + singular: meshgatewayconfig + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayConfig holds the configuration of a MeshGateway. A + GatewayClass can refer to a MeshGatewayConfig via parametersRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayConfigSpec specifies the options available for + a Kuma MeshGateway. + properties: + crossMesh: + description: CrossMesh specifies whether listeners configured by this + gateway are cross mesh listeners. + type: boolean + podTemplate: + description: PodTemplate configures the Pod owned by this config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Pod. + properties: + container: + description: Container corresponds to PodSpec.Container + properties: + securityContext: + description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext + properties: + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem corresponds to + PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem + type: boolean + type: object + type: object + securityContext: + description: PodSecurityContext corresponds to PodSpec.SecurityContext + properties: + fsGroup: + description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName corresponds to PodSpec.ServiceAccountName. + type: string + type: object + type: object + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. 
+ type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies a set of Kuma tags that are included in + the MeshGatewayInstance and thus propagated to every Dataplane generated + to serve the MeshGateway. These tags should include a maximum of + one `kuma.io/service` tag. + type: object + type: object + status: + description: MeshGatewayConfigStatus holds information about the status + of the gateway instance. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshgatewayinstances.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshgatewayinstances.yaml new file mode 100644 index 000000000..b0056e5ad --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshgatewayinstances.yaml 
@@ -0,0 +1,331 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgatewayinstances.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayInstance + listKind: MeshGatewayInstanceList + plural: meshgatewayinstances + singular: meshgatewayinstance + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayInstance represents a managed instance of a dataplane + proxy for a Kuma Gateway. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayInstanceSpec specifies the options available for + a GatewayDataplane. + properties: + podTemplate: + description: PodTemplate configures the Pod owned by this config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Pod. 
+ properties: + container: + description: Container corresponds to PodSpec.Container + properties: + securityContext: + description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext + properties: + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem corresponds to + PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem + type: boolean + type: object + type: object + securityContext: + description: PodSecurityContext corresponds to PodSpec.SecurityContext + properties: + fsGroup: + description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName corresponds to PodSpec.ServiceAccountName. + type: string + type: object + type: object + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. 
+ type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies the Kuma tags that are propagated to the + managed dataplane proxies. These tags should include exactly one + `kuma.io/service` tag, and should match exactly one Gateway resource. + type: object + type: object + status: + description: MeshGatewayInstanceStatus holds information about the status + of the gateway instance. + properties: + conditions: + description: Conditions is an array of gateway instance conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, + if one is present. 
+ properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshgatewayroutes.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshgatewayroutes.yaml new file mode 100644 index 000000000..81ffb9b48 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshgatewayroutes.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshgateways.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshgateways.yaml new file mode 100644 index 000000000..76eba91ac --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshgateways.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgateways.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGateway + listKind: MeshGatewayList + plural: meshgateways + singular: meshgateway + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGateway resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshhealthchecks.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshhealthchecks.yaml new file mode 100644 index 000000000..f97352a7d --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshhealthchecks.yaml 
@@ -0,0 +1,312 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshhealthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHealthCheck + listKind: MeshHealthCheckList + plural: meshhealthchecks + singular: meshhealthcheck + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHealthCheck resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + alwaysLogHealthCheckFailures: + description: If set to true, health check failure events + will always be logged. If set to false, only the initial + health check failure event will be logged. The default + value is false. + type: boolean + eventLogPath: + description: Specifies the path to the file where Envoy + can log health check events. If empty, no event log will + be written. + type: string + failTrafficOnPanic: + description: If set to true, Envoy will not consider any + hosts when the cluster is in 'panic mode'. Instead, the + cluster will fail all requests as if all hosts are unhealthy. + This can help avoid potentially overwhelming a failing + service. + type: boolean + grpc: + description: GrpcHealthCheck defines gRPC configuration + which will instruct the service the health check will + be made for is a gRPC service. + properties: + authority: + description: The value of the :authority header in the + gRPC health check request, by default name of the + cluster this health check is associated with + type: string + disabled: + description: If true the GrpcHealthCheck is disabled + type: boolean + serviceName: + description: Service name parameter which will be sent + to gRPC service + type: string + type: object + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: Allows to configure panic threshold for Envoy + cluster. 
If not specified, the default is 50%. To disable + panic mode, set to 0%. Either int or decimal represented + as string. + x-kubernetes-int-or-string: true + healthyThreshold: + default: 1 + description: Number of consecutive healthy checks before + considering a host healthy. + format: int32 + type: integer + http: + description: HttpHealthCheck defines HTTP configuration + which will instruct the service the health check will + be made for is an HTTP service. + properties: + disabled: + description: If true the HttpHealthCheck is disabled + type: boolean + expectedStatuses: + description: List of HTTP response statuses which are + considered healthy + items: + format: int32 + type: integer + type: array + path: + default: / + description: The HTTP path which will be requested during + the health check (ie. /health) + type: string + requestHeadersToAdd: + description: The list of HTTP headers which should be + added to each health check request + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + initialJitter: + description: If specified, Envoy will start health checking + after a random time in ms between 0 and initialJitter. + This only applies to the first health check. + type: string + interval: + default: 1m + description: Interval between consecutive health checks. 
+ type: string + intervalJitter: + description: If specified, during every interval Envoy will + add IntervalJitter to the wait time. + type: string + intervalJitterPercent: + description: If specified, during every interval Envoy will + add IntervalJitter * IntervalJitterPercent / 100 to the + wait time. If IntervalJitter and IntervalJitterPercent + are both set, both of them will be used to increase the + wait time. + format: int32 + type: integer + noTrafficInterval: + description: The "no traffic interval" is a special health + check interval that is used when a cluster has never had + traffic routed to it. This lower interval allows cluster + information to be kept up to date, without sending a potentially + large amount of active health checking traffic for no + reason. Once a cluster has been used for traffic routing, + Envoy will shift back to using the standard health check + interval that is defined. Note that this interval takes + precedence over any other. The default value for "no traffic + interval" is 60 seconds. + type: string + reuseConnection: + description: Reuse health check connection between health + checks. Default is true. + type: boolean + tcp: + description: TcpHealthCheck defines configuration for specifying + bytes to send and expected response during the health + check + properties: + disabled: + description: If true the TcpHealthCheck is disabled + type: boolean + receive: + description: List of Base64 encoded blocks of strings + expected as a response. When checking the response, + "fuzzy" matching is performed such that each block + must be found, and in the order specified, but not + necessarily contiguous. If not provided or empty, + checks will be performed as "connect only" and be + marked as successful when TCP connection is successfully + established. 
+ items: + type: string + type: array + send: + description: Base64 encoded content of the message which + will be sent during the health check to the target + type: string + type: object + timeout: + default: 15s + description: Maximum time to wait for a health check response. + type: string + unhealthyThreshold: + default: 5 + description: Number of consecutive unhealthy checks before + considering a host unhealthy. + format: int32 + type: integer + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshhttproutes.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshhttproutes.yaml new file mode 100644 index 000000000..23e575e7e --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshhttproutes.yaml 
@@ -0,0 +1,513 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshhttproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHTTPRoute + listKind: MeshHTTPRouteList + plural: meshhttproutes + singular: meshhttproute + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHTTPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To matches destination services of requests and holds + configuration. + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward + traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + type: array + filters: + items: + properties: + requestHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestMirror: + properties: + backendRef: + description: TargetRef defines structure + that allows attaching policy to various + objects + properties: + kind: + description: Kind of the referenced + resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future + use to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced + resource. Can only be used with kinds: + `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset + of proxies by tags. Can only be used + with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests to mirror. + If not specified, all requests to the + target cluster will be mirrored. + x-kubernetes-int-or-string: true + required: + - backendRef + type: object + requestRedirect: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. 
+ This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. + \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines parameters used + to modify the path of the incoming request. + The modified path is then used to construct + the location header. When empty, the request + path is used as-is. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + port: + description: Port is the port to be used + in the value of the `Location` header + in the response. When empty, port (if + specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + description: StatusCode is the HTTP status + code to be used in response. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + type: object + responseHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestRedirect + - URLRewrite + - RequestMirror + type: string + urlRewrite: + properties: + hostname: + description: Hostname is the value to be + used to replace the host header value + during forwarding. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines a path rewrite. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + type: object + required: + - type + type: object + type: array + type: object + matches: + description: Matches describes how to match HTTP requests + this rule should be applied to. + items: + properties: + headers: + items: + description: HeaderMatch describes how to select + an HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP + Header to be matched. Name MUST be lower + case as they will be handled with case insensitivity + (See https://tools.ietf.org/html/rfc7230#section-3.2). 
+ maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + method: + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + properties: + type: + enum: + - Exact + - PathPrefix + - RegularExpression + type: string + value: + description: Exact or prefix matches must be + an absolute path. A prefix matches only if + separated by a slash or the entire path. + minLength: 1 + type: string + required: + - type + - value + type: object + queryParams: + description: QueryParams matches based on HTTP URL + query parameters. Multiple matches are ANDed together + such that all listed matches must succeed. + items: + properties: + name: + minLength: 1 + type: string + type: + enum: + - Exact + - RegularExpression + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + type: object + minItems: 1 + type: array + required: + - default + - matches + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of request destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshinsights.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshinsights.yaml new file mode 100644 index 000000000..f9c307168 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshInsight + listKind: MeshInsightList + plural: meshinsights + singular: meshinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml new file mode 100644 index 000000000..83d193e81 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshloadbalancingstrategies.yaml 
@@ -0,0 +1,525 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshloadbalancingstrategies.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshLoadBalancingStrategy + listKind: MeshLoadBalancingStrategyList + plural: meshloadbalancingstrategies + singular: meshloadbalancingstrategy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshLoadBalancingStrategy + resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. 
+ type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + loadBalancer: + description: LoadBalancer allows to specify load balancing + algorithm. + properties: + leastRequest: + description: LeastRequest selects N random available + hosts as specified in 'choiceCount' (2 by default) + and picks the host which has the fewest active requests + properties: + choiceCount: + description: ChoiceCount is the number of random + healthy hosts from which the host with the fewest + active requests will be chosen. Defaults to 2 + so that Envoy performs two-choice selection if + the field is not set. + format: int32 + minimum: 2 + type: integer + type: object + maglev: + description: Maglev implements consistent hashing to + upstream hosts. Maglev can be used as a drop in replacement + for the ring hash load balancer any place in which + consistent hashing is desired. + properties: + hashPolicies: + description: HashPolicies specify a list of request/connection + properties that are used to calculate a hash. + These hash policies are executed in the specified + order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. 
+ type: boolean + type: object + cookie: + properties: + name: + description: The name of the cookie that + will be used to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for + the cookie. + type: string + ttl: + description: If specified, a cookie with + the TTL will be generated if the cookie + is not present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: The name of the Object in + the per-request filterState, which is + an Envoy::Hashable object. If there + is no data associated with the key, + or the stored object is not Envoy::Hashable, + no hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: The name of the request header + that will be used to obtain the hash + key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: The name of the URL query + parameter that will be used to obtain + the hash key. If the parameter is not + present, no hash will be produced. Query + parameter names are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: 'Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time + when the terminal policy works. If true, + and there is already a hash computed, ignore + rest of the list of hash polices.' + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + tableSize: + description: The table size for Maglev hashing. + Maglev aims for “minimal disruption” rather than + an absolute guarantee. 
Minimal disruption means + that when the set of upstream hosts change, a + connection will likely be sent to the same upstream + as it was before. Increasing the table size reduces + the amount of disruption. The table size must + be prime number limited to 5000011. If it is not + specified, the default is 65537. + format: int32 + maximum: 5000011 + minimum: 1 + type: integer + type: object + random: + description: Random selects a random available host. + The random load balancer generally performs better + than round-robin if no health checking policy is configured. + Random selection avoids bias towards the host in the + set that comes after a failed host. + type: object + ringHash: + description: RingHash implements consistent hashing + to upstream hosts. Each host is mapped onto a circle + (the “ring”) by hashing its address; each request + is then routed to a host by hashing some property + of the request, and finding the nearest corresponding + host clockwise around the ring. + properties: + hashFunction: + description: HashFunction is a function used to + hash hosts onto the ketama ring. The value defaults + to XX_HASH. Available values – XX_HASH, MURMUR_HASH_2. + enum: + - XXHash + - MurmurHash2 + type: string + hashPolicies: + description: HashPolicies specify a list of request/connection + properties that are used to calculate a hash. + These hash policies are executed in the specified + order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. + type: boolean + type: object + cookie: + properties: + name: + description: The name of the cookie that + will be used to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for + the cookie. 
+ type: string + ttl: + description: If specified, a cookie with + the TTL will be generated if the cookie + is not present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: The name of the Object in + the per-request filterState, which is + an Envoy::Hashable object. If there + is no data associated with the key, + or the stored object is not Envoy::Hashable, + no hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: The name of the request header + that will be used to obtain the hash + key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: The name of the URL query + parameter that will be used to obtain + the hash key. If the parameter is not + present, no hash will be produced. Query + parameter names are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: 'Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time + when the terminal policy works. If true, + and there is already a hash computed, ignore + rest of the list of hash polices.' + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + maxRingSize: + description: Maximum hash ring size. Defaults to + 8M entries, and limited to 8M entries, but can + be lowered to further constrain resource use. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + minRingSize: + description: Minimum hash ring size. The larger + the ring is (that is, the more hashes there are + for each provided host) the better the request + distribution will reflect the desired weights. 
+ Defaults to 1024 entries, and limited to 8M entries. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + type: object + roundRobin: + description: RoundRobin is a load balancing algorithm + that distributes requests across available upstream + hosts in round-robin order. + type: object + type: + enum: + - RoundRobin + - LeastRequest + - RingHash + - Random + - Maglev + type: string + required: + - type + type: object + localityAwareness: + description: LocalityAwareness contains configuration for + locality aware load balancing. + properties: + crossZone: + description: CrossZone defines locality aware load balancing + priorities when dataplane proxies inside local zone + are unavailable + properties: + failover: + description: Failover defines list of load balancing + rules in order of priority + items: + properties: + from: + description: From defines the list of zones + to which the rule applies + properties: + zones: + items: + type: string + type: array + required: + - zones + type: object + to: + description: To defines to which zones the + traffic should be load balanced + properties: + type: + description: Type defines how target zones + will be picked from available zones + enum: + - None + - Only + - Any + - AnyExcept + type: string + zones: + items: + type: string + type: array + required: + - type + type: object + required: + - to + type: object + type: array + failoverThreshold: + description: 'FailoverThreshold defines the percentage + of live destination dataplane proxies below which + load balancing to the next priority starts. Example: + If you configure failoverThreshold to 70, and + you have deployed 10 destination dataplane proxies. + Load balancing to next priority will start when + number of live destination dataplane proxies drops + below 7. 
Default 50' + properties: + percentage: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - percentage + type: object + type: object + disabled: + description: Disabled allows to disable locality-aware + load balancing. When disabled requests are distributed + across all endpoints regardless of locality. + type: boolean + localZone: + description: LocalZone defines locality aware load balancing + priorities between dataplane proxies inside a zone + properties: + affinityTags: + description: AffinityTags list of tags for local + zone load balancing. + items: + properties: + key: + description: Key defines tag for which affinity + is configured + type: string + weight: + description: 'Weight of the tag used for load + balancing. The bigger the weight the bigger + the priority. Percentage of local traffic + load balanced to tag is computed by dividing + weight by sum of weights from all tags. + For example with two affinity tags first + with weight 80 and second with weight 20, + then 80% of traffic will be redirected to + the first tag, and 20% of traffic will be + redirected to second one. Setting weights + is not mandatory. When weights are not set + control plane will compute default weight + based on list order. Default: If you do + not specify weight we will adjust them so + that 90% traffic goes to first tag, 9% to + next, and 1% to third and so on.' + format: int32 + type: integer + required: + - key + type: object + type: array + type: object + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. 
+ type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshproxypatches.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshproxypatches.yaml new file mode 100644 index 000000000..42b4cd47c --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshproxypatches.yaml 
@@ -0,0 +1,512 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshproxypatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshProxyPatch + listKind: MeshProxyPatchList + plural: meshproxypatches + singular: meshproxypatch + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshProxyPatch resource. + properties: + default: + description: Default is a configuration specific to the group of destinations + referenced in 'targetRef'. + properties: + appendModifications: + description: AppendModifications is a list of modifications applied + on the selected proxy. + items: + properties: + cluster: + description: Cluster is a modification of Envoy's Cluster + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's Cluster resource + items: + description: JsonPatchBlock is one json patch operation + block. 
+ properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the cluster to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched cluster. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + httpFilter: + description: HTTPFilter is a modification of Envoy HTTP + Filter available in HTTP Connection Manager in a Listener + resource. 
+ properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's HTTP Filter available in HTTP + Connection Manager in a Listener resource. + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the HTTP filter. For example + "envoy.filters.http.local_ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. 
For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + listener: + description: Listener is a modification of Envoy's Listener + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's Listener resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the listener to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. 
+ egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + tags: + additionalProperties: + type: string + description: Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + networkFilter: + description: NetworkFilter is a modification of Envoy Listener's + filter. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy Listener's filter. + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the network filter. 
For example + "envoy.filters.network.ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + virtualHost: + description: VirtualHost is a modification of Envoy's VirtualHost + referenced in HTTP Connection Manager in a Listener resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's VirtualHost resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. 
+ x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + routeConfigurationName: + description: Name of the RouteConfiguration resource + to match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + required: + - appendModifications + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - default + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshratelimits.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshratelimits.yaml new file mode 100644 index 000000000..abfd51f34 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshratelimits.yaml 
@@ -0,0 +1,236 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRateLimit + listKind: MeshRateLimitList + plural: meshratelimits + singular: meshratelimit + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. 
+ properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + local: + description: LocalConf defines local http or/and tcp rate + limit configuration + properties: + http: + description: LocalHTTP defines confguration of local + HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. + type: boolean + onRateLimit: + description: Describes the actions to take on a + rate limit event + properties: + headers: + description: The Headers to be added to the + HTTP response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: The HTTP status code to be set + on a rate limit event + format: int32 + type: integer + type: object + requestRate: + description: Defines how many requests are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: LocalTCP defines confguration of local + TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: Defines how many connections are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: 'Define if rate limiting should be + disabled. Default: false' + type: boolean + type: object + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshretries.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshretries.yaml new file mode 100644 index 000000000..d724395a3 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshretries.yaml 
@@ -0,0 +1,406 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshretries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRetry + listKind: MeshRetryList + plural: meshretries + singular: meshretry + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + grpc: + description: GRPC defines a configuration of retries for + GRPC traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries. + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests. + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. 
+ type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [Canceled, + DeadlineExceeded, Internal, ResourceExhausted, Unavailable].' + items: + type: string + type: array + type: object + http: + description: HTTP defines a configuration of retries for + HTTP traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + hostSelection: + description: HostSelection is a list of predicates that + dictate how hosts should be selected when requests + are retried. + items: + properties: + predicate: + description: Type is requested predicate mode. + Available values are OmitPreviousHosts, OmitHostsWithTags, + and OmitPreviousPriorities. 
+ type: string + tags: + additionalProperties: + type: string + description: Tags is a map of metadata to match + against for selecting the omitted hosts. Required + if Type is OmitHostsWithTags + type: object + updateFrequency: + description: UpdateFrequency is how often the + priority load should be updated based on previously + attempted priorities. Used for OmitPreviousPriorities. + Default is 2 if not set. + format: int32 + type: integer + required: + - predicate + type: object + type: array + hostSelectionMaxAttempts: + description: HostSelectionMaxAttempts is the maximum + number of times host selection will be reattempted + before giving up, at which point the host that was + last selected will be routed to. If unspecified, this + will default to retrying once. + format: int64 + type: integer + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. + type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. 
+ enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: RetriableRequestHeaders is an HTTP headers + which must be present in the request for retries to + be attempted. + items: + description: HeaderMatch describes how to select an + HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + retriableResponseHeaders: + description: RetriableResponseHeaders is an HTTP response + headers that trigger a retry if present in the response. + A retry will be triggered if any of the header matches + match the upstream response headers. + items: + description: HeaderMatch describes how to select an + HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. 
+ enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [5XX, GatewayError, + Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, + RefusedStream, Http3PostConnectFailure, HttpMethodConnect, + HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions, + HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + Also, any HTTP status code (500, 503, etc).' + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for + TCP traffic + properties: + maxConnectAttempt: + description: MaxConnectAttempt is a maximal amount of + TCP connection attempts which will be made before + giving up + format: int32 + type: integer + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} 
diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshtcproutes.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshtcproutes.yaml new file mode 100644 index 000000000..1bc3081aa --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshtcproutes.yaml 
@@ -0,0 +1,176 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtcproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTCPRoute + listKind: MeshTCPRouteList + plural: meshtcproutes + singular: meshtcproute + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTCPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward + traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + minItems: 1 + type: array + required: + - backendRefs + type: object + required: + - default + type: object + maxItems: 1 + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + minItems: 1 + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshtimeouts.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshtimeouts.yaml new file mode 100644 index 000000000..c55e957a8 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshtimeouts.yaml 
@@ -0,0 +1,253 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtimeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTimeout + listKind: MeshTimeoutList + plural: meshtimeouts + singular: meshtimeout + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. 
+ type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. 
Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshtraces.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshtraces.yaml new file mode 100644 index 000000000..0e8b08c9d --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshtraces.yaml 
@@ -0,0 +1,229 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrace + listKind: MeshTraceList + plural: meshtraces + singular: meshtrace + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrace resource. + properties: + default: + description: MeshTrace configuration. + properties: + backends: + description: A one element array of backend definition. Envoy + allows configuring only 1 backend, so the natural way of representing + that would be just one object. Unfortunately due to the reasons + explained in MADR 009-tracing-policy this has to be a one element + array for now. + items: + description: Only one of zipkin, datadog or openTelemetry can + be used. + properties: + datadog: + description: Datadog backend configuration. 
+ properties: + splitService: + description: 'Determines if datadog service name should + be split based on traffic direction and destination. + For example, with `splitService: true` and a `backend` + service that communicates with a couple of databases, + you would get service names like `backend_INBOUND`, + `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` + in Datadog. Default: false' + type: boolean + url: + description: Address of Datadog collector, only host + and port are allowed (no paths, fragments etc.) + type: string + required: + - url + type: object + openTelemetry: + description: OpenTelemetry backend configuration. + properties: + endpoint: + description: Address of OpenTelemetry collector. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + type: + enum: + - Zipkin + - Datadog + - OpenTelemetry + type: string + zipkin: + description: Zipkin backend configuration. + properties: + apiVersion: + default: httpJson + description: 'Version of the API. values: httpJson, + httpProto. Default: httpJson see https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66' + enum: + - httpJson + - httpProto + type: string + sharedSpanContext: + description: 'Determines whether client and server spans + will share the same span context. Default: true. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63' + type: boolean + traceId128bit: + description: 'Generate 128bit traces. Default: false' + type: boolean + url: + description: Address of Zipkin collector. + type: string + required: + - url + type: object + required: + - type + type: object + type: array + sampling: + description: Sampling configuration. Sampling is the process by + which a decision is made on whether to process/export a span + or not. 
+ properties: + client: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests that will be force + traced if the ''x-client-trace-id'' header is set. Default: + 100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + overall: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests will be traced + after all other sampling checks have been applied (client, + force tracing, random sampling). This field functions as + an upper limit on the total configured sampling rate. For + instance, setting client_sampling to 100% but overall_sampling + to 1% will result in only 1% of client requests with the + appropriate headers to be force traced. Default: 100% Mirror + of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + random: + anyOf: + - type: integer + - type: string + description: 'Target percentage of requests that will be randomly + selected for trace generation, if not requested by the client + or not forced. Default: 100% Mirror of random_sampling in + Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + tags: + description: Custom tags configuration. You can add custom tags + to traces based on headers or literal values. + items: + description: Custom tags configuration. Only one of literal + or header can be used. + properties: + header: + description: Tag taken from a header. 
+ properties: + default: + description: Default value to use if header is missing. + If the default is missing and there is no value the + tag will not be included. + type: string + name: + description: Name of the header. + type: string + required: + - name + type: object + literal: + description: Tag taken from literal value. + type: string + name: + description: Name of the tag. + type: string + required: + - name + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_meshtrafficpermissions.yaml b/app/assets/2.5.x/raw/crds/kuma.io_meshtrafficpermissions.yaml new file mode 100644 index 000000000..3ab56942e --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_meshtrafficpermissions.yaml 
@@ -0,0 +1,134 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtrafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrafficPermission + listKind: MeshTrafficPermissionList + plural: meshtrafficpermissions + singular: meshtrafficpermission + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrafficPermission + resource. 
+ properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + action: + description: 'Action defines a behavior for the specified + group of clients:' + enum: + - Allow + - Deny + - AllowWithShadowDeny + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/2.5.x/raw/crds/kuma.io_proxytemplates.yaml b/app/assets/2.5.x/raw/crds/kuma.io_proxytemplates.yaml new file mode 100644 index 000000000..111d4450f --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_proxytemplates.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: proxytemplates.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ProxyTemplate + listKind: ProxyTemplateList + plural: proxytemplates + singular: proxytemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ProxyTemplate resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_ratelimits.yaml b/app/assets/2.5.x/raw/crds/kuma.io_ratelimits.yaml new file mode 100644 index 000000000..cc6fa13fa --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_ratelimits.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: ratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: RateLimit + listKind: RateLimitList + plural: ratelimits + singular: ratelimit + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma RateLimit resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_retries.yaml b/app/assets/2.5.x/raw/crds/kuma.io_retries.yaml new file mode 100644 index 000000000..865df1b2f --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_retries.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: retries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Retry + listKind: RetryList + plural: retries + singular: retry + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Retry resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_serviceinsights.yaml b/app/assets/2.5.x/raw/crds/kuma.io_serviceinsights.yaml new file mode 100644 index 000000000..135eaedda --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_serviceinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: serviceinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ServiceInsight + listKind: ServiceInsightList + plural: serviceinsights + singular: serviceinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ServiceInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_timeouts.yaml b/app/assets/2.5.x/raw/crds/kuma.io_timeouts.yaml new file mode 100644 index 000000000..b2f8b3d60 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_timeouts.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: timeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Timeout + listKind: TimeoutList + plural: timeouts + singular: timeout + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Timeout resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_trafficlogs.yaml b/app/assets/2.5.x/raw/crds/kuma.io_trafficlogs.yaml new file mode 100644 index 000000000..c74f9a90f --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_trafficlogs.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: trafficlogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficLog + listKind: TrafficLogList + plural: trafficlogs + singular: trafficlog + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficLog resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_trafficpermissions.yaml b/app/assets/2.5.x/raw/crds/kuma.io_trafficpermissions.yaml new file mode 100644 index 000000000..b9469c8c9 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_trafficpermissions.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: trafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_trafficroutes.yaml b/app/assets/2.5.x/raw/crds/kuma.io_trafficroutes.yaml new file mode 100644 index 000000000..1e3158363 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_trafficroutes.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: trafficroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficRoute + listKind: TrafficRouteList + plural: trafficroutes + singular: trafficroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_traffictraces.yaml b/app/assets/2.5.x/raw/crds/kuma.io_traffictraces.yaml new file mode 100644 index 000000000..f85ababd9 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_traffictraces.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: traffictraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficTrace + listKind: TrafficTraceList + plural: traffictraces + singular: traffictrace + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficTrace resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_virtualoutbounds.yaml b/app/assets/2.5.x/raw/crds/kuma.io_virtualoutbounds.yaml new file mode 100644 index 000000000..a5fe905e0 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_virtualoutbounds.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: virtualoutbounds.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: VirtualOutbound + listKind: VirtualOutboundList + plural: virtualoutbounds + singular: virtualoutbound + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma VirtualOutbound resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_zoneegresses.yaml b/app/assets/2.5.x/raw/crds/kuma.io_zoneegresses.yaml new file mode 100644 index 000000000..b202d0fb8 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_zoneegresses.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneegresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgress + listKind: ZoneEgressList + plural: zoneegresses + singular: zoneegress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_zoneegressinsights.yaml b/app/assets/2.5.x/raw/crds/kuma.io_zoneegressinsights.yaml new file mode 100644 index 000000000..50c7f6864 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_zoneegressinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneegressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgressInsight + listKind: ZoneEgressInsightList + plural: zoneegressinsights + singular: zoneegressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgressInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_zoneingresses.yaml b/app/assets/2.5.x/raw/crds/kuma.io_zoneingresses.yaml new file mode 100644 index 000000000..0754071e2 --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_zoneingresses.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneingresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngress + listKind: ZoneIngressList + plural: zoneingresses + singular: zoneingress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_zoneingressinsights.yaml b/app/assets/2.5.x/raw/crds/kuma.io_zoneingressinsights.yaml new file mode 100644 index 000000000..87d2c06ab --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_zoneingressinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneingressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngressInsight + listKind: ZoneIngressInsightList + plural: zoneingressinsights + singular: zoneingressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngressInsight + resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_zoneinsights.yaml b/app/assets/2.5.x/raw/crds/kuma.io_zoneinsights.yaml new file mode 100644 index 000000000..fa149598a --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_zoneinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneInsight + listKind: ZoneInsightList + plural: zoneinsights + singular: zoneinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/crds/kuma.io_zones.yaml b/app/assets/2.5.x/raw/crds/kuma.io_zones.yaml new file mode 100644 index 000000000..bcd73a05b --- /dev/null +++ b/app/assets/2.5.x/raw/crds/kuma.io_zones.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zones.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Zone + listKind: ZoneList + plural: zones + singular: zone + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Zone resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/2.5.x/raw/helm-values.yaml b/app/assets/2.5.x/raw/helm-values.yaml new file mode 100644 index 000000000..3a3a61c22 --- /dev/null +++ b/app/assets/2.5.x/raw/helm-values.yaml 
@@ -0,0 +1,733 @@
+global:
+ image:
+ # -- Default registry for all Kuma Images
+ registry: "docker.io/kumahq"
+ # -- The default tag for all Kuma images, which itself defaults to .Chart.AppVersion
+ tag:
+ # -- Add `imagePullSecrets` to all the service accounts used for Kuma components
+ imagePullSecrets: []
+
+# -- Whether to patch the target namespace with the system label
+patchSystemNamespace: true
+
+installCrdsOnUpgrade:
+ # -- Whether install new CRDs before upgrade (if any were introduced with the new version of Kuma)
+ enabled: true
+ # -- The `imagePullSecrets` to attach to the Service Account running CRD installation.
+ # This field will be deprecated in a future release, please use .global.imagePullSecrets
+ imagePullSecrets: []
+
+# -- Whether to disable all helm hooks
+noHelmHooks: false
+
+# -- Whether to restart control-plane by calculating a new checksum for the secret
+restartOnSecretChange: true
+
+controlPlane:
+ # -- Environment that control plane is run in, useful when running universal global control plane on k8s
+ environment: "kubernetes"
+
+ # -- Labels to add to resources in addition to default labels
+ extraLabels: {}
+
+ # -- Kuma CP log level: one of off,info,debug
+ logLevel: "info"
+
+ # -- Kuma CP log output path: Defaults to /dev/stdout
+ logOutputPath: ""
+
+ # -- Kuma CP modes: one of standalone,zone,global
+ mode: "standalone"
+
+ # -- (string) Kuma CP zone, if running multizone
+ zone:
+
+ # -- Only used in `zone` mode
+ kdsGlobalAddress: ""
+
+ # -- Number of replicas of the Kuma CP. Ignored when autoscaling is enabled
+ replicas: 1
+
+ # -- Minimum number of seconds for which a newly created pod should be ready for it to be considered available.
+ minReadySeconds: 0
+
+ # -- Annotations applied only to the `Deployment` resource
+ deploymentAnnotations: {}
+
+ # -- Annotations applied only to the `Pod` resource
+ podAnnotations: {}
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+
+ # -- Node selector for the Kuma Control Plane pods
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ # -- Tolerations for the Kuma Control Plane pods
+ tolerations: []
+
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Control Plane pods.
+ # This is rendered as a template, so you can reference other helm variables or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}-control-plane'
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Control Plane pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Failure policy of the mutating webhook implemented by the Kuma Injector component
+ injectorFailurePolicy: Fail
+
+ service:
+ apiServer:
+ http:
+ # -- Port on which Http api server Service is exposed on Node for service of type NodePort
+ nodePort: 30681
+ https:
+ # -- Port on which Https api server Service is exposed on Node for service of type NodePort
+ nodePort: 30682
+
+ # -- Whether to create a service resource.
+ enabled: true
+
+ # -- (string) Optionally override of the Kuma Control Plane Service's name
+ name:
+
+ # -- Service type of the Kuma Control Plane
+ type: ClusterIP
+
+ # -- Additional annotations to put on the Kuma Control Plane
+ annotations: { }
+
+ # Kuma API and GUI ingress settings. Useful if you want to expose the
+ # API and GUI of Kuma outside the k8s cluster.
+ ingress:
+ # -- Install K8s Ingress resource that exposes GUI and API
+ enabled: false
+ # -- IngressClass defines which controller will implement the resource
+ ingressClassName:
+ # -- Ingress hostname
+ hostname:
+ # -- Map of ingress annotations.
+ annotations: {}
+ # -- Ingress path.
+ path: /
+ # -- Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix)
+ pathType: ImplementationSpecific
+ # -- Port from kuma-cp to use to expose API and GUI. Switch to 5682 to expose TLS port
+ servicePort: 5681
+
+ globalZoneSyncService:
+ # -- Whether to create a k8s service for the global zone sync
+ # service. It will only be created when enabled and deploying the global
+ # control plane.
+ enabled: true
+ # -- Service type of the Global-zone sync
+ type: LoadBalancer
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Optionally specify allowed source ranges that can access the load balancer
+ loadBalancerSourceRanges: []
+ # -- Additional annotations to put on the Global Zone Sync Service
+ annotations: { }
+ # -- Port on which Global Zone Sync Service is exposed on Node for service of type NodePort
+ nodePort: 30685
+ # -- Port on which Global Zone Sync Service is exposed
+ port: 5685
+ # -- Protocol of the Global Zone Sync service port
+ protocol: grpc
+
+ defaults:
+ # -- Whether to skip creating the default Mesh
+ skipMeshCreation: false
+
+ # -- Whether to automountServiceAccountToken for cp. Optionally set to false
+ automountServiceAccountToken: true
+
+ # -- Optionally override the resource spec
+ resources:
+ requests:
+ cpu: 500m
+ memory: 256Mi
+ limits:
+ memory: 256Mi
+
+ # -- Pod lifecycle settings (useful for adding a preStop hook, when
+ # using AWS ALB or NLB)
+ lifecycle: {}
+
+ # -- Number of seconds to wait before force killing the pod. Make sure to
+ # update this if you add a preStop hook.
+ terminationGracePeriodSeconds: 30
+
+ # TLS for various servers
+ tls:
+ general:
+ # -- Secret that contains tls.crt, tls.key [and ca.crt when no
+ # controlPlane.tls.general.caSecretName specified] for protecting
+ # Kuma in-cluster communication
+ secretName: ""
+ # -- Secret that contains ca.crt that was used to sign cert for protecting
+ # Kuma in-cluster communication (ca.crt present in this secret
+ # have precedence over the one provided in the controlPlane.tls.general.secretName)
+ caSecretName: ""
+ # -- Base64 encoded CA certificate (the same as in controlPlane.tls.general.secret#ca.crt)
+ caBundle: ""
+ apiServer:
+ # -- Secret that contains tls.crt, tls.key for protecting Kuma API on HTTPS
+ secretName: ""
+ # -- Secret that contains list of .pem certificates that can access admin endpoints of Kuma API on HTTPS
+ clientCertsSecretName: ""
+ # - if not creating the global control plane, then do nothing
+ # - if secretName is empty and create is false, then do nothing
+ # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName
+ # - if secretName is empty and create is true, then create a secret with a default name and use it
+ # - if secretName is non-empty and create is true, then create the secret using the provided name
+ kdsGlobalServer:
+ # -- Name of the K8s TLS Secret resource. If you set this and don't set
+ # create=true, you have to create the secret manually.
+ secretName: ""
+ # -- Whether to create the TLS secret in helm.
+ create: false
+ # -- The TLS certificate to offer.
+ cert: ""
+ # -- The TLS key to use.
+ key: ""
+ # - if not creating the zonal control plane, then do nothing
+ # - if secretName is empty and create is false, then do nothing
+ # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName
+ # - if secretName is empty and create is true, then create a secret with a default name and use it
+ # - if secretName is non-empty and create is true, then create the secret using the provided name
+ kdsZoneClient:
+ # -- Name of the K8s Secret resource that contains ca.crt which was
+ # used to sign the certificate of KDS Global Server. If you set this
+ # and don't set create=true, you have to create the secret manually.
+ secretName: ""
+ # -- Whether to create the TLS secret in helm.
+ create: false
+ # -- CA bundle that was used to sign the certificate of KDS Global Server.
+ cert: ""
+ # -- If true, TLS cert of the server is not verified.
+ skipVerify: false
+
+ # -- Annotations to add for Control Plane's Service Account
+ serviceAccountAnnotations: { }
+
+ image:
+ # -- Kuma CP ImagePullPolicy
+ pullPolicy: IfNotPresent
+ # -- Kuma CP image repository
+ repository: "kuma-cp"
+ # -- Kuma CP Image tag.
When not specified, the value is copied from global.tag
+ tag:
+
+ # -- (object with { Env: string, Secret: string, Key: string }) Secrets to add as environment variables,
+ # where `Env` is the name of the env variable,
+ # `Secret` is the name of the Secret,
+ # and `Key` is the key of the Secret value to use
+ secrets:
+ # someSecret:
+ # Secret: some-secret
+ # Key: secret_key
+ # Env: SOME_SECRET
+
+ # -- Additional environment variables that will be passed to the control plane
+ envVars: { }
+
+ # -- Additional config maps to mount into the control plane, with optional inline values
+ extraConfigMaps: [ ]
+# - name: extra-config
+# mountPath: /etc/extra-config
+# readOnly: true
+# values:
+# extra-config-key: |
+# extra-config-value
+
+ # -- (object with { name: string, mountPath: string, readOnly: string }) Additional secrets to mount into the control plane,
+ # where `Env` is the name of the env variable,
+ # `Secret` is the name of the Secret,
+ # and `Key` is the key of the Secret value to use
+ extraSecrets:
+ # extraConfig:
+ # name: extra-config
+ # mountPath: /etc/extra-config
+ # readOnly: true
+
+ webhooks:
+ validator:
+ # -- Additional rules to apply on Kuma validator webhook. Useful when building custom policy on top of Kuma.
+ additionalRules: ""
+ ownerReference:
+ # -- Additional rules to apply on Kuma owner reference webhook. Useful when building custom policy on top of Kuma.
+ additionalRules: ""
+
+ # -- Specifies if the deployment should be started in hostNetwork mode.
+ hostNetwork: false
+ # -- Define a new server port for the admission controller. Recommended to set in combination with
+ # hostNetwork to prevent multiple port bindings on the same port (like Calico in AWS EKS).
+ admissionServerPort: 5443
+
+ # -- Security context at the pod level for control plane.
+ podSecurityContext:
+ runAsNonRoot: true
+
+ # -- Security context at the container level for control plane.
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+cni:
+ # -- Install Kuma with CNI instead of proxy init container
+ enabled: false
+ # -- Install CNI in chained mode
+ chained: false
+ # -- Set the CNI install directory
+ netDir: /etc/cni/multus/net.d
+ # -- Set the CNI bin directory
+ binDir: /var/lib/cni/bin
+ # -- Set the CNI configuration name
+ confName: kuma-cni.conf
+ # -- CNI log level: one of off,info,debug
+ logLevel: info
+ # -- Node Selector for the CNI pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the CNI pods
+ tolerations: []
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Set the CNI namespace
+ namespace: kube-system
+
+ image:
+ # -- CNI image repository
+ repository: "kuma-cni"
+ # -- CNI image tag - defaults to .Chart.AppVersion
+ tag:
+ # -- CNI image pull policy
+ imagePullPolicy: IfNotPresent
+
+ # -- it's only useful in tests to trigger a possible race condition
+ delayStartupSeconds: 0
+
+ # -- use new CNI (experimental)
+ experimental:
+ imageEbpf:
+ # -- CNI experimental eBPF image registry
+ registry: "docker.io/kumahq"
+ # -- CNI experimental eBPF image repository
+ repository: "merbridge"
+ # -- CNI experimental eBPF image tag
+ tag: "0.8.5"
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ memory: 100Mi
+
+ # -- Security context at the pod level for cni
+ podSecurityContext: {}
+
+ # -- Security context at the container level for cni
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ runAsUser: 0
+ runAsGroup: 0
+
+dataPlane:
+ image:
+ # -- The Kuma DP image repository
+ repository: "kuma-dp"
+ # -- Kuma DP ImagePullPolicy
+ pullPolicy: IfNotPresent
+ # -- Kuma DP Image Tag.
When not specified, the value is copied from global.tag
+ tag:
+
+ initImage:
+ # -- The Kuma DP init image repository
+ repository: "kuma-init"
+ # -- Kuma DP init image tag When not specified, the value is copied from global.tag
+ tag:
+
+ingress:
+ # -- If true, it deploys Ingress for cross cluster communication
+ enabled: false
+
+ # -- Labels to add to resources, in addition to default labels
+ extraLabels: {}
+
+ # -- Time for which old listener will still be active as draining
+ drainTime: 30s
+
+ # -- Number of replicas of the Ingress. Ignored when autoscaling is enabled.
+ replicas: 1
+
+ # -- Log level for ingress (available values: off|info|debug)
+ logLevel: info
+
+ # -- Define the resources to allocate to mesh ingress
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+
+ # -- Pod lifecycle settings (useful for adding a preStop hook, when
+ # using AWS ALB or NLB)
+ lifecycle: {}
+
+ # -- Number of seconds to wait before force killing the pod. Make sure to
+ # update this if you add a preStop hook.
+ terminationGracePeriodSeconds: 40
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+
+ service:
+ # -- Whether to create a Service resource.
+ enabled: true
+ # -- Service type of the Ingress
+ type: LoadBalancer
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Additional annotations to put on the Ingress service
+ annotations: { }
+ # -- Port on which Ingress is exposed
+ port: 10001
+ # -- Port on which service is exposed on Node for service of type NodePort
+ nodePort:
+ # -- Additional pod annotations (deprecated favor `podAnnotations`)
+ annotations: { }
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Node Selector for the Ingress pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the Ingress pods
+ tolerations: []
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Ingress pods
+ # This is rendered as a template, so you can reference other helm variables
+ # or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - kuma-ingress
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Mesh Ingress pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Security context at the pod level for ingress
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 5678
+ runAsGroup: 5678
+
+ # -- Security context at the container level for ingress
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+ # -- Annotations to add for Control Plane's Service Account
+ serviceAccountAnnotations: { }
+ # -- Whether to automountServiceAccountToken for cp. Optionally set to false
+ automountServiceAccountToken: true
+
+egress:
+ # -- If true, it deploys Egress for cross cluster communication
+ enabled: false
+ # -- Labels to add to resources, in addition to the default labels.
+ extraLabels: {}
+ # -- Time for which old listener will still be active as draining
+ drainTime: 30s
+ # -- Number of replicas of the Egress. Ignored when autoscaling is enabled.
+ replicas: 1
+
+ # -- Log level for egress (available values: off|info|debug)
+ logLevel: info
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+
+ service:
+ # -- Whether to create the service object
+ enabled: true
+ # -- Service type of the Egress
+ type: ClusterIP
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Additional annotations to put on the Egress service
+ annotations: { }
+ # -- Port on which
Egress is exposed
+ port: 10002
+ # -- Port on which service is exposed on Node for service of type NodePort
+ nodePort:
+ # -- Additional pod annotations (deprecated favor `podAnnotations`)
+ annotations: { }
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Node Selector for the Egress pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the Egress pods
+ tolerations: []
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Egress pods.
+ # This is rendered as a template, so you can reference other helm variables or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - kuma-egress
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Egress pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Security context at the pod level for egress
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 5678
+ runAsGroup: 5678
+
+ # -- Security context at the container level for egress
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+ # -- Annotations to add for Control Plane's Service Account
+ serviceAccountAnnotations: { }
+ # -- Whether to automountServiceAccountToken for cp. Optionally set to false
+ automountServiceAccountToken: true
+
+kumactl:
+ image:
+ # -- The kumactl image repository
+ repository: kumactl
+ # -- The kumactl image tag.
When not specified, the value is copied from global.tag
+ tag:
+
+kubectl:
+ image:
+ # -- The kubectl image registry
+ registry: docker.io
+ # -- The kubectl image repository
+ repository: bitnami/kubectl
+ # -- The kubectl image tag
+ tag: "1.27.5"
+hooks:
+ # -- Node selector for the HELM hooks
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the HELM hooks
+ tolerations: []
+ # -- Security context at the pod level for crd/webhook/ns
+ podSecurityContext:
+ runAsNonRoot: true
+
+ # -- Security context at the container level for crd/webhook/ns
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+ # -- ebpf-cleanup hook needs write access to the root filesystem to clean ebpf programs
+ # Changing below values will potentially break ebpf cleanup completely,
+ # so be cautious when doing so.
+ ebpfCleanup:
+ # -- Security context at the pod level for crd/webhook/cleanup-ebpf
+ podSecurityContext:
+ runAsNonRoot: false
+ # -- Security context at the container level for crd/webhook/cleanup-ebpf
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+
+experimental:
+ # -- If true, it installs experimental Gateway API support
+ gatewayAPI: false
+ # Configuration for the experimental ebpf mode for transparent proxy
+ ebpf:
+ # -- If true, ebpf will be used instead of using iptables to install/configure transparent proxy
+ enabled: false
+ # -- Name of the environmental variable which will contain the IP address of a pod
+ instanceIPEnvVarName: INSTANCE_IP
+ # -- Path where BPF file system should be mounted
+ bpffsPath: /sys/fs/bpf
+ # -- Host's cgroup2 path
+ cgroupPath: /sys/fs/cgroup
+ # -- Name of the network interface which TC programs should be attached to, we'll try to automatically determine it if empty
+ tcAttachIface: ""
+ # -- Path where compiled eBPF programs which will be installed can be found
+ programsSourcePath: /kuma/ebpf
+ # -- If false, it uses legacy API for resource synchronization
+ deltaKds: true
+
+# Postgres'
settings for universal control plane on k8s
+postgres:
+ # -- Postgres port, password should be provided as a secret reference in "controlPlane.secrets"
+ # with the Env value "KUMA_STORE_POSTGRES_PASSWORD".
+ # Example:
+ # controlPlane:
+ # secrets:
+ # - Secret: postgres-postgresql
+ # Key: postgresql-password
+ # Env: KUMA_STORE_POSTGRES_PASSWORD
+ port: "5432"
+ # TLS settings
+ tls:
+ # -- Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull"
+ mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE
+ # -- Whether to disable SNI the postgres `sslsni` option.
+ disableSSLSNI: false # ENV: KUMA_STORE_POSTGRES_TLS_DISABLE_SSLSNI
+ # -- Secret name that contains the ca.crt
+ caSecretName:
+ # -- Secret name that contains the client tls.crt, tls.key
+ secretName:
+
+# @ignored for helm-docs
+plugins:
+ policies:
+ meshaccesslogs: {}
+ meshcircuitbreakers: {}
+ meshfaultinjections: {}
+ meshhealthchecks: {}
+ meshhttproutes: {}
+ meshloadbalancingstrategies: {}
+ meshproxypatches: {}
+ meshratelimits: {}
+ meshretries: {}
+ meshtcproutes: {}
+ meshtimeouts: {}
+ meshtraces: {}
+ meshtrafficpermissions: {}
diff --git a/app/assets/2.5.x/raw/kuma-cp.yaml b/app/assets/2.5.x/raw/kuma-cp.yaml
new file mode 100644
index 000000000..8c716dcb9
--- /dev/null
+++ b/app/assets/2.5.x/raw/kuma-cp.yaml
@@ -0,0 +1,771 @@
+# Environment type. Available values are: "kubernetes" or "universal"
+environment: universal # ENV: KUMA_ENVIRONMENT
+# Mode in which Kuma CP is running. Available values are: "standalone", "global", "zone"
+mode: standalone # ENV: KUMA_MODE
+
+# Resource Store configuration
+store:
+ # Type of Store used in the Control Plane. Available values are: "kubernetes", "postgres" or "memory"
+ type: memory # ENV: KUMA_STORE_TYPE
+
+ # Kubernetes Store configuration (used when store.type=kubernetes)
+ kubernetes:
+ # Namespace where Control Plane is installed to.
+ systemNamespace: kuma-system # ENV: KUMA_STORE_KUBERNETES_SYSTEM_NAMESPACE
+
+ # Postgres Store configuration (used when store.type=postgres)
+ postgres:
+ # Host of the Postgres DB
+ host: 127.0.0.1 # ENV: KUMA_STORE_POSTGRES_HOST
+ # Port of the Postgres DB
+ port: 15432 # ENV: KUMA_STORE_POSTGRES_PORT
+ # User of the Postgres DB
+ user: kuma # ENV: KUMA_STORE_POSTGRES_USER
+ # Password of the Postgres DB
+ password: kuma # ENV: KUMA_STORE_POSTGRES_PASSWORD
+ # Database name of the Postgres DB
+ dbName: kuma # ENV: KUMA_STORE_POSTGRES_DB_NAME
+ # Driver to use, one of: pgx, postgres
+ driverName: pgx # ENV: KUMA_STORE_POSTGRES_DRIVER_NAME
+ # Connection Timeout to the DB in seconds
+ connectionTimeout: 5 # ENV: KUMA_STORE_POSTGRES_CONNECTION_TIMEOUT
+ # MaxConnectionLifetime (applied only when driverName=pgx) is the duration since creation after which a connection will be automatically closed
+ maxConnectionLifetime: "1h" # ENV: KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME
+ # MaxConnectionLifetimeJitter (applied only when driverName=pgx) is the duration after maxConnectionLifetime to randomly decide to close a connection.
+ # This helps prevent all connections from being closed at the exact same time, starving the pool.
+ maxConnectionLifetimeJitter: "1m" # ENV: KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME_JITTER
+ # HealthCheckInterval (applied only when driverName=pgx) is the duration between checks of the health of idle connections.
+ healthCheckInterval: "30s" # ENV: KUMA_STORE_POSTGRES_HEALTH_CHECK_INTERVAL
+ # MinOpenConnections (applied only when driverName=pgx) is the minimum number of open connections to the database
+ minOpenConnections: 0 # ENV: KUMA_STORE_POSTGRES_MIN_OPEN_CONNECTIONS
+ # MaxOpenConnections is the maximum number of open connections to the database
+ # `0` value means number of open connections is unlimited
+ maxOpenConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_OPEN_CONNECTIONS
+ # MaxIdleConnections (applied only when driverName=postgres) is the maximum number of connections in the idle connection pool
+ # <0 value means no idle connections and 0 means default max idle connections
+ maxIdleConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_IDLE_CONNECTIONS
+ # MaxListQueryElements defines maximum number of changed elements before requesting full list of elements from the store.
+ maxListQueryElements: 0 # ENV: KUMA_STORE_POSTGRES_MAX_LIST_QUERY_ELEMENTS
+ # TLS settings
+ tls:
+ # Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull"
+ mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE
+ # Path to TLS Certificate of the client. Required when server has METHOD=cert
+ certPath: # ENV: KUMA_STORE_POSTGRES_TLS_CERT_PATH
+ # Path to TLS Key of the client. Required when server has METHOD=cert
+ keyPath: # ENV: KUMA_STORE_POSTGRES_TLS_KEY_PATH
+ # Path to the root certificate. Used in verifyCa and verifyFull modes.
+ caPath: # ENV: KUMA_STORE_POSTGRES_TLS_ROOT_CERT_PATH
+ # MinReconnectInterval (applied only when driverName=postgres) controls the duration to wait before trying to
+ # re-establish the database connection after connection loss.
After each
+ # consecutive failure this interval is doubled, until MaxReconnectInterval
+ # is reached. Successfully completing the connection establishment procedure
+ # resets the interval back to MinReconnectInterval.
+ minReconnectInterval: "10s" # ENV: KUMA_STORE_POSTGRES_MIN_RECONNECT_INTERVAL
+ # MaxReconnectInterval (applied only when driverName=postgres) controls the maximum possible duration to wait before trying
+ # to re-establish the database connection after connection loss.
+ maxReconnectInterval: "60s" # ENV: KUMA_STORE_POSTGRES_MAX_RECONNECT_INTERVAL
+ # ReadReplica is a setting for a DB replica used only for read queries
+ readReplica:
+ # Host of the Postgres DB read replica. If not set, read replica is not used.
+ host: "" # ENV: KUMA_STORE_POSTGRES_READ_REPLICA_HOST
+ # Port of the Postgres DB read replica
+ port: 5432 # ENV: KUMA_STORE_POSTGRES_READ_REPLICA_PORT
+ # Ratio in [0-100] range. How many SELECT queries (out of 100) will use read replica.
+ ratio: 100 # ENV: KUMA_STORE_POSTGRES_READ_REPLICA_RATIO
+
+ # Cache for read only operations. This cache is local to the instance of the control plane.
+ cache:
+ # If true then cache is enabled
+ enabled: true # ENV: KUMA_STORE_CACHE_ENABLED
+ # Expiration time for elements in cache.
+ expirationTime: 1s # ENV: KUMA_STORE_CACHE_EXPIRATION_TIME
+
+ # Upsert (get and update) configuration
+ upsert:
+ # Base time for exponential backoff on upsert operations when retry is enabled
+ conflictRetryBaseBackoff: 200ms # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_BASE_BACKOFF
+ # Max retries on upsert (get and update) operation when retry is enabled
+ conflictRetryMaxTimes: 10 # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_MAX_TIMES
+ # Percentage of jitter. For example: if backoff is 20s, and this value 10, the backoff will be between 18s and 22s.
+ conflictRetryJitterPercent: 30 # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_JITTER_PERCENT
+
+ # If true, skips validation of resource delete.
+ # For example you don't have to delete all Dataplane objects before you delete a Mesh
+ unsafeDelete: false # ENV: KUMA_STORE_UNSAFE_DELETE
+
+# Configuration of Bootstrap Server, which provides bootstrap config to Dataplanes
+bootstrapServer:
+ # Parameters of bootstrap configuration
+ params:
+ # Address of Envoy Admin
+ adminAddress: 127.0.0.1 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ADDRESS
+ # Port of Envoy Admin
+ adminPort: 9901 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT
+ # Path to access log file of Envoy Admin
+ adminAccessLogPath: /dev/null # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ACCESS_LOG_PATH
+ # Host of XDS Server. By default it is the same host as the one used by kuma-dp to connect to the control plane
+ xdsHost: "" # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_HOST
+ # Port of XDS Server. By default it is autoconfigured from KUMA_DP_SERVER_PORT
+ xdsPort: 0 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_PORT
+ # Connection timeout to the XDS Server
+ xdsConnectTimeout: 1s # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_CONNECT_TIMEOUT
+
+# Monitoring Assignment Discovery Service (MADS) server configuration
+monitoringAssignmentServer:
+ # Port of a gRPC server that serves Monitoring Assignment Discovery Service (MADS).
+ port: 5676 # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_PORT
+ # Which MADS API versions to serve
+ apiVersions: ["v1"] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_API_VERSIONS
+ # Interval for re-generating monitoring assignments for clients connected to the Control Plane.
+ assignmentRefreshInterval: 1s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_ASSIGNMENT_REFRESH_INTERVAL
+ # The default timeout for a single fetch-based discovery request, if not specified
+ defaultFetchTimeout: 30s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_DEFAULT_FETCH_TIMEOUT
+ # Path to TLS certificate file
+ tlsCertFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CERT_FILE
+ # Path to TLS key file
+ tlsKeyFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CIPHER_SUITES
+
+# Envoy XDS server configuration
+xdsServer:
+ # Interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ dataplaneConfigurationRefreshInterval: 1s # ENV: KUMA_XDS_SERVER_DATAPLANE_CONFIGURATION_REFRESH_INTERVAL
+ # Interval for flushing status of Dataplanes connected to the Control Plane
+ dataplaneStatusFlushInterval: 10s # ENV: KUMA_XDS_SERVER_DATAPLANE_STATUS_FLUSH_INTERVAL
+ # Backoff that is executed when Control Plane is sending the response that was previously rejected by Dataplane
+ nackBackoff: 5s # ENV: KUMA_XDS_SERVER_NACK_BACKOFF
+ # A delay between proxy terminating a connection and the CP trying to deregister the proxy.
+ # It is used only in universal mode when you use direct lifecycle.
+ # Setting this setting to 0s disables the delay.
+ # Disabling this may cause race conditions that one instance of CP removes proxy object
+ # while proxy is connected to another instance of the CP.
+ dataplaneDeregistrationDelay: 10s # ENV: KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY
+
+# API Server configuration
+apiServer:
+ # HTTP configuration of the API Server
+ http:
+ # If true then API Server will be served on HTTP
+ enabled: true # ENV: KUMA_API_SERVER_HTTP_ENABLED
+ # Network interface on which HTTP API Server will be exposed
+ interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTP_INTERFACE
+ # Port of the API Server
+ port: 5681 # ENV: KUMA_API_SERVER_HTTP_PORT
+ # HTTPS configuration of the API Server
+ https:
+ # If true then API Server will be served on HTTPS
+ enabled: true # ENV: KUMA_API_SERVER_HTTPS_ENABLED
+ # Network interface on which HTTPS API Server will be exposed
+ interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTPS_INTERFACE
+ # Port of the HTTPS API Server
+ port: 5682 # ENV: KUMA_API_SERVER_HTTPS_PORT
+ # Path to TLS certificate file. Autoconfigured from KUMA_GENERAL_TLS_CERT_FILE if empty
+ tlsCertFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_CERT_FILE
+ # Path to TLS key file. Autoconfigured from KUMA_GENERAL_TLS_KEY_FILE if empty
+ tlsKeyFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_KEY_FILE
+ # Path to the CA certificate which is used to sign client certificates. It is used only for verifying client certificates.
+ tlsCaFile: "" # ENV: KUMA_API_SERVER_HTTPS_CLIENT_CERTS_CA_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_API_SERVER_HTTPS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_API_SERVER_HTTPS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_API_SERVER_HTTPS_TLS_CIPHER_SUITES
+ # If true, then HTTPS connection will require client cert.
+ requireClientCert: false # ENV: KUMA_API_SERVER_HTTPS_REQUIRE_CLIENT_CERT
+ # Authentication configuration for administrative endpoints like Dataplane Token or managing Secrets
+ auth:
+ # Directory of authorized client certificates (only validate in HTTPS)
+ clientCertsDir: "" # ENV: KUMA_API_SERVER_AUTH_CLIENT_CERTS_DIR
+ # Api Server Authentication configuration
+ authn:
+ # Type of authentication mechanism (available values: "adminClientCerts", "tokens")
+ type: tokens # ENV: KUMA_API_SERVER_AUTHN_TYPE
+ # Localhost is authenticated as a user admin of group admin
+ localhostIsAdmin: true # ENV: KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN
+ # Configuration for tokens authentication
+ tokens:
+ # If true then User Token with name admin and group admin will be created and placed as admin-user-token Kuma secret
+ bootstrapAdminToken: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_BOOTSTRAP_ADMIN_TOKEN
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_ENABLE_ISSUER
+ # Token validator configuration
+ validator:
+ # If true then Kuma secrets with prefix "user-token-signing-key" are considered as signing keys.
+ useSecrets: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_VALIDATOR_USE_SECRETS
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # keyFile: /keys/public.pem
+ publicKeys: []
+
+ # If true, then API Server will operate in read only mode (serving GET requests)
+ readOnly: false # ENV: KUMA_API_SERVER_READ_ONLY
+ # Allowed domains for Cross-Origin Resource Sharing.
The value can be either domain or regexp
+ corsAllowedDomains:
+ - ".*" # ENV: KUMA_API_SERVER_CORS_ALLOWED_DOMAINS
+ # Can be used if you use a reverse proxy
+ rootUrl: "" # ENV: KUMA_API_SERVER_ROOT_URL
+ # The path to serve the API from
+ basePath: "/" # ENV: KUMA_API_SERVER_BASE_PATH
+ # configuration specific to the GUI
+ gui:
+ # Whether to serve the gui (if mode=zone this has no effect)
+ enabled: true # ENV: KUMA_API_SERVER_GUI_ENABLED
+ # Can be used if you use a reverse proxy or want to serve the gui from a different path
+ rootUrl: "" # ENV: KUMA_API_SERVER_GUI_ROOT_URL
+ # The path to serve the GUI from
+ basePath: "/gui" # ENV: KUMA_API_SERVER_GUI_BASE_PATH
+
+# Environment-specific configuration
+runtime:
+ # Kubernetes-specific configuration
+ kubernetes:
+ # Service name of the Kuma Control Plane. It is used to point Kuma DP to proper URL.
+ controlPlaneServiceName: kuma-control-plane # ENV: KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME
+ # Name of Service Account that is used to run the Control Plane
+ serviceAccountName: "system:serviceaccount:kuma-system:kuma-control-plane" # ENV: KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME
+ # Taint controller that prevents applications from scheduling until CNI is ready.
+ nodeTaintController:
+ # If true enables the taint controller.
+ enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED
+ # Value of app label on CNI pod that indicates if node can be ready.
+ cniApp: "" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP
+ # Value of CNI namespace.
+ cniNamespace: "kube-system" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_NAMESPACE
+ # Admission WebHook Server configuration
+ admissionServer:
+ # Address the Admission WebHook Server should be listening on
+ address: # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_ADDRESS
+ # Port the Admission WebHook Server should be listening on
+ port: 5443 # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_PORT
+ # Directory with a TLS cert and private key for the Admission WebHook Server.
+ # TLS certificate file must be named `tls.crt`.
+ # TLS key file must be named `tls.key`.
+ certDir: # ENV: kuma_runtime_kubernetes_admission_server_cert_dir
+ # Injector defines configuration of a Kuma Sidecar Injector.
+ injector:
+ # if true runs kuma-cp in CNI compatible mode
+ cniEnabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CNI_ENABLED
+ # list of exceptions for Kuma injection
+ exceptions:
+ # a map of labels for exception. If pod matches label with given value Kuma won't be injected. Specify '*' to match any value.
+ labels:
+ openshift.io/build.name: "*"
+ openshift.io/deployer-pod-for.name: "*"
+ # VirtualProbesEnabled enables automatic converting HttpGet probes to virtual. Virtual probe
+ # serves on sub-path of insecure port 'virtualProbesPort',
+ # i.e :8080/health/readiness -> :9000/8080/health/readiness where 9000 is virtualProbesPort
+ virtualProbesEnabled: true # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_ENABLED
+ # VirtualProbesPort is a port for exposing virtual probes which are not secured by mTLS
+ virtualProbesPort: 9000 # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_PORT
+ # CaCertFile is CA certificate which will be used to verify a connection to the control plane.
+ caCertFile: # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CA_CERT_FILE
+ # SidecarContainer defines configuration of the Kuma sidecar container.
+ sidecarContainer:
+ # Image name.
+ image: kuma/kuma-dp:latest # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_IMAGE
+ # Redirect port for inbound traffic.
+ redirectPortInbound: 15006 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND
+ # Redirect port for inbound traffic.
+ redirectPortInboundV6: 15010 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND_V6
+ # Redirect port for outbound traffic.
+ redirectPortOutbound: 15001 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_OUTBOUND
+ # User ID.
+ uid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_UID
+ # Group ID.
+ gid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_GUI
+ # Drain time for listeners.
+ drainTime: 30s # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_DRAIN_TIME
+ # Readiness probe.
+ readinessProbe:
+ # Number of seconds after the container has started before readiness probes are initiated.
+ initialDelaySeconds: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_INITIAL_DELAY_SECONDS
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 # ENV : KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_TIMEOUT_SECONDS
+ # Number of seconds after which the probe times out.
+ periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_PERIOD_SECONDS
+ # Minimum consecutive successes for the probe to be considered successful after having failed.
+ successThreshold: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_SUCCESS_THRESHOLD
+ # Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_FAILURE_THRESHOLD
+ # Liveness probe.
+ livenessProbe:
+ # Number of seconds after the container has started before liveness probes are initiated.
+ initialDelaySeconds: 60 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_INITIAL_DELAY_SECONDS
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_TIMEOUT_SECONDS
+ # How often (in seconds) to perform the probe.
+ periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_PERIOD_SECONDS
+ # Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_FAILURE_THRESHOLD
+ # Compute resource requirements.
+ resources:
+ # Minimum amount of compute resources required.
+ requests:
+ # CPU, in cores. (500m = .5 cores)
+ cpu: 50m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_CPU
+ # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
+ memory: 64Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_MEMORY
+ # Maximum amount of compute resources allowed.
+ limits:
+ # CPU, in cores. (500m = .5 cores)
+ cpu: 1000m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_CPU
+ # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
+ memory: 512Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_MEMORY
+ # Additional environment variables that can be placed on Kuma DP sidecar
+ envVars: {} # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ENV_VARS
+ # If true, it enables a postStart script that waits until Envoy is ready.
+ # With the current Kubernetes behavior, any other container in the Pod will wait until the script is complete.
+ waitForDataplaneReady: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_WAIT_FOR_DATAPLANE_READY
+ # InitContainer defines configuration of the Kuma init container
+ initContainer:
+ # Image name.
+ image: kuma/kuma-init:latest # ENV: KUMA_INJECTOR_INIT_CONTAINER_IMAGE
+ # ContainerPatches is an optional list of ContainerPatch names which will be applied
+ # to init and sidecar containers if workload is not annotated with a patch list.
+ containerPatches: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CONTAINER_PATCHES
+ # Configuration for a traffic that is intercepted by sidecar
+ sidecarTraffic:
+ # List of inbound ports that will be excluded from interception.
+ # This setting is applied on every pod unless traffic.kuma.io/exclude-inbound-ports annotation is specified on Pod.
+ excludeInboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_INBOUND_PORTS
+ # List of outbound ports that will be excluded from interception.
+ # This setting is applied on every pod unless traffic.kuma.io/exclude-oubound-ports annotation is specified on Pod.
+ excludeOutboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_OUTBOUND_PORTS
+ builtinDNS:
+ # Use the built-in DNS
+ enabled: true # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_ENABLED
+ # Redirect port for DNS
+ port: 15053 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_PORT
+ # EBPF defines configuration for the ebpf, when transparent proxy is marked to be
+ # installed using ebpf instead of iptables
+ ebpf:
+ # Install transparent proxy using ebpf
+ enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_ENABLED
+ # Name of the environmental variable which will include IP address of the pod
+ instanceIPEnvVarName: INSTANCE_IP # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_INSTANCE_IP_ENV_VAR_NAME
+ # Path where BPF file system will be mounted for pinning ebpf programs and maps
+ bpffsPath: /sys/fs/bpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_BPFFS_PATH
+ # Path of mounted cgroup2
+ cgroupPath: /sys/fs/cgroup # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_CGROUP_PATH
+ # Name of the network interface which should be used to attach to it TC programs
+ # when not
specified, we will try to automatically determine it
+ tcAttachIface: "" # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_TC_ATTACH_IFACE
+ # Path where compiled eBPF programs are placed
+ programsSourcePath: /kuma/ebpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_PROGRAMS_SOURCE_PATH
+ # IgnoredServiceSelectorLabels defines a list ignored labels in Service selector.
+ # If Pod matches a Service with ignored labels, but does not match it fully, it gets Ignored inbound.
+ # It is useful when you change Service selector and expect traffic to be sent immediately.
+ # An example of this is ArgoCD's BlueGreen deployment and "rollouts-pod-template-hash" selector.
+ ignoredServiceSelectorLabels: [] # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_IGNORED_SERVICE_SELECTOR_LABELS
+ marshalingCacheExpirationTime: 5m # ENV: KUMA_RUNTIME_KUBERNETES_MARSHALING_CACHE_EXPIRATION_TIME
+ # Kubernetes's resources reconciliation concurrency configuration
+ controllersConcurrency:
+ # PodController defines maximum concurrent reconciliations of Pod resources
+ # Default value 10. If set to 0 kube controller-runtime default value of 1 will be used.
+ podController: 10 # ENV: KUMA_RUNTIME_KUBERNETES_CONTROLLERS_CONCURRENCY_POD_CONTROLLER
+ # Kubernetes client configuration
+ clientConfig:
+ # Qps defines maximum requests kubernetes client is allowed to make per second.
+ # Default value 100. If set to 0 kube-client default value of 5 will be used.
+ qps: 100 # ENV: KUMA_RUNTIME_KUBERNETES_CLIENT_CONFIG_QPS
+ # BurstQps defines maximum burst requests kubernetes client is allowed to make per second
+ # Default value 100. If set to 0 kube-client default value of 10 will be used.
+ burstQps: 100 # ENV: KUMA_RUNTIME_KUBERNETES_CLIENT_CONFIG_BURST_QPS
+ leaderElection:
+ # LeaseDuration is the duration that non-leader candidates will
+ # wait to force acquire leadership. This is measured against time of
+ # last observed ack. Default is 15 seconds.
+ leaseDuration: 15s # ENV: KUMA_RUNTIME_KUBERNETES_LEADER_ELECTION_LEASE_DURATION
+ # RenewDeadline is the duration that the acting controlplane will retry
+ # refreshing leadership before giving up. Default is 10 seconds.
+ renewDeadline: 10s # ENV: KUMA_RUNTIME_KUBERNETES_LEADER_ELECTION_RENEW_DEADLINE
+ # Universal-specific configuration
+ universal:
+ # DataplaneCleanupAge defines how long Dataplane should be offline to be cleaned up by GC
+ dataplaneCleanupAge: 72h0m0s # ENV: KUMA_RUNTIME_UNIVERSAL_DATAPLANE_CLEANUP_AGE
+
+# Default Kuma entities configuration
+defaults:
+ # If true, it skips creating the default Mesh
+ skipMeshCreation: false # ENV: KUMA_DEFAULTS_SKIP_MESH_CREATION
+ # If true, it skips creating the default tenant resources
+ skipTenantResources: false # ENV: KUMA_DEFAULTS_SKIP_TENANT_RESOURCES
+
+# Metrics configuration
+metrics:
+ dataplane:
+ # How many latest subscriptions will be stored in DataplaneInsight object, if equals 0 then unlimited
+ subscriptionLimit: 2 # ENV: KUMA_METRICS_DATAPLANE_SUBSCRIPTION_LIMIT
+ # How long data plane proxy can stay Online without active xDS connection
+ idleTimeout: 5m # ENV: KUMA_METRICS_DATAPLANE_IDLE_TIMEOUT
+ zone:
+ # How many latest subscriptions will be stored in ZoneInsights object, if equals 0 then unlimited
+ subscriptionLimit: 10 # ENV: KUMA_METRICS_ZONE_SUBSCRIPTION_LIMIT
+ # How long zone can stay Online without active KDS connection
+ idleTimeout: 5m # ENV: KUMA_METRICS_ZONE_IDLE_TIMEOUT
+ # Compact finished metrics (do not store config and details of KDS exchange).
+ compactFinishedSubscriptions: false # ENV: KUMA_METRICS_ZONE_COMPACT_FINISHED_SUBSCRIPTIONS
+ mesh:
+ # Minimum time between 2 refresh of insights
+ minResyncInterval: 1s # ENV: KUMA_METRICS_MESH_MIN_RESYNC_INTERVAL
+ # time between triggering a full refresh of all the insights
+ fullResyncInterval: 20s # ENV: KUMA_METRICS_MESH_FULL_RESYNC_INTERVAL
+ # the size of the buffer between event creation and processing
+ bufferSize: 1000 # ENV: KUMA_METRICS_MESH_BUFFER_SIZE
+ # the number of workers that process metrics events
+ eventProcessors: 1 # ENV: KUMA_METRICS_MESH_EVENT_PROCESSORS
+ controlPlane:
+ # If true metrics show number of resources in the system should be reported
+ reportResourcesCount: true # ENV: KUMA_METRICS_CONTROL_PLANE_REPORT_RESOURCES_COUNT
+
+# Reports configuration
+reports:
+ # If true then usage stats will be reported
+ enabled: false # ENV: KUMA_REPORTS_ENABLED
+
+# General configuration
+general:
+ # dnsCacheTTL represents duration for how long Kuma CP will cache result of resolving dataplane's domain name
+ dnsCacheTTL: 10s # ENV: KUMA_GENERAL_DNS_CACHE_TTL
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert that will be used across all the Kuma Servers.
+ tlsCertFile: # ENV: KUMA_GENERAL_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key that will be used across all the Kuma Servers.
+ tlsKeyFile: # ENV: KUMA_GENERAL_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_GENERAL_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_GENERAL_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_GENERAL_TLS_CIPHER_SUITES
+ # WorkDir defines a path to the working directory
+ # Kuma stores in this directory autogenerated entities like certificates.
+ # If empty then the working directory is $HOME/.kuma
+ workDir: "" # ENV: KUMA_GENERAL_WORK_DIR
+
+# DNS Server configuration
+dnsServer:
+ # The domain that the server will resolve the services for
+ domain: "mesh" # ENV: KUMA_DNS_SERVER_DOMAIN
+ # The CIDR range used to allocate
+ CIDR: "240.0.0.0/4" # ENV: KUMA_DNS_SERVER_CIDR
+ # Will create a service ".mesh" dns entry for every service.
+ serviceVipEnabled: true # ENV: KUMA_DNS_SERVER_SERVICE_VIP_ENABLED
+ # The port to use along with the `.mesh` dns entry
+ serviceVipPort: 80 # ENV: KUMA_DNS_SERVICE_SERVICE_VIP_PORT
+
+# Multizone mode
+multizone:
+ global:
+ kds:
+ # Port of a gRPC server that serves Kuma Discovery Service (KDS).
+ grpcPort: 5685 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_GRPC_PORT
+ # Interval for refreshing state of the world
+ refreshInterval: 1s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_REFRESH_INTERVAL
+ # Interval for flushing Zone Insights (stats of multi-zone communication)
+ zoneInsightFlushInterval: 10s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_ZONE_INSIGHT_FLUSH_INTERVAL
+ # TlsEnabled turns on TLS for KDS
+ tlsEnabled: true # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_ENABLED
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert.
+ tlsCertFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key.
+ tlsKeyFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CIPHER_SUITES
+ # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS.
+ # In practice this means a limit on full list of one resource type.
+ maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MAX_MSG_SIZE
+ # MsgSendTimeout defines a timeout on sending a single KDS message.
+ # KDS stream between control planes is terminated if the control plane hits this timeout.
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MSG_SEND_TIMEOUT
+ # Backoff that is executed when the global control plane is sending the response that was previously rejected by zone control plane
+ nackBackoff: 5s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_NACK_BACKOFF
+ # DisableSOTW if true doesn't expose SOTW version of KDS. Default: false
+ disableSOTW: false # ENV: KUMA_MULTIZONE_GLOBAL_KDS_DISABLE_SOTW
+ # Response backoff is a time Global CP waits before sending ACK/NACK.
+ # This is a way to slow down Zone CP from sending resources too often.
+ responseBackoff: 0s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_RESPONSE_BACKOFF
+ zone:
+ # Kuma Zone name used to mark the zone dataplane resources
+ name: "" # ENV: KUMA_MULTIZONE_ZONE_NAME
+ # GlobalAddress URL of Global Kuma CP
+ globalAddress: # ENV KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS
+ kds:
+ # Interval for refreshing state of the world
+ refreshInterval: 1s # ENV: KUMA_MULTIZONE_ZONE_KDS_REFRESH_INTERVAL
+ # RootCAFile defines a path to a file with PEM-encoded Root CA. Client will verify server by using it.
+ rootCaFile: # ENV: KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE
+ # If true, TLS connection to the server won't be verified.
+ tlsSkipVerify: false # ENV: KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY
+ # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS.
+ # In practice this means a limit on full list of one resource type.
+ maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_ZONE_KDS_MAX_MSG_SIZE
+ # MsgSendTimeout defines a timeout on sending a single KDS message.
+ # KDS stream between control planes is terminated if the control plane hits this timeout.
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_ZONE_KDS_MSG_SEND_TIMEOUT
+ # Backoff that is executed when the zone control plane is sending the response that was previously rejected by global control plane
+ nackBackoff: 5s # ENV: KUMA_MULTIZONE_ZONE_KDS_NACK_BACKOFF
+ # Response backoff is a time Zone CP waits before sending ACK/NACK.
+ # This is a way to slow down Global CP from sending resources too often.
+ responseBackoff: 0s # ENV: KUMA_MULTIZONE_ZONE_KDS_RESPONSE_BACKOFF
+
+# Diagnostics configuration
+diagnostics:
+ # Port of Diagnostic Server for checking health and readiness of the Control Plane
+ serverPort: 5680 # ENV: KUMA_DIAGNOSTICS_SERVER_PORT
+ # If true, enables https://golang.org/pkg/net/http/pprof/ debug endpoints
+ debugEndpoints: false # ENV: KUMA_DIAGNOSTICS_DEBUG_ENDPOINTS
+ # Whether tls is enabled or not
+ tlsEnabled: false # ENV: KUMA_DIAGNOSTICS_TLS_ENABLED
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile
+ tlsCertFile: # ENV: KUMA_DIAGNOSTICS_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DIAGNOSTICS_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DIAGNOSTICS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DIAGNOSTICS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DIAGNOSTICS_TLS_CIPHER_SUITES
+
+# Dataplane Server configuration that servers API like Bootstrap/XDS for the Dataplane.
+dpServer:
+ # Port of the DP Server
+ port: 5678 # ENV: KUMA_DP_SERVER_PORT
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile
+ tlsCertFile: # ENV: KUMA_DP_SERVER_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DP_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DP_SERVER_TLS_CIPHER_SUITES
+ # ReadHeaderTimeout defines the amount of time DP server will be allowed
+ # to read request headers. The connection's read deadline is reset
+ # after reading the headers and the Handler can decide what is considered
+ # too slow for the body. If ReadHeaderTimeout is zero there is no timeout.
+ # The timeout is configurable as in rare cases, when Kuma CP was restarting,
+ # 1s which is explicitly set in other servers was insufficient and DPs
+ # were failing to reconnect (we observed this in Projected Service Account
+ # Tokens e2e tests, which started flaking a lot after introducing explicit
+ # 1s timeout)
+ readHeaderTimeout: 5s # ENV: KUMA_DP_SERVER_READ_HEADER_TIMEOUT
+ # Auth defines an authentication configuration for the DP Server
+ # DEPRECATED: use "authn" section.
+ auth:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: "" # ENV: KUMA_DP_SERVER_AUTH_TYPE
+ # Authn defines an authentication configuration for the DP Server
+ authn:
+ # Configuration for data plane proxy authentication.
+ dpProxy:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: ""
+ # Configuration of dpToken authentication method
+ dpToken:
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true
+ # DP Token validator configuration.
+ validator:
+ # If true then Kuma secrets with prefix "dataplane-token-signing-key-{mesh}" are considered as signing keys.
+ useSecrets: true
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # mesh: default
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # mesh: demo
+ # keyFile: /keys/public.pem
+ publicKeys: []
+ # Configuration for zone proxy authentication.
+ zoneProxy:
+ # Type of authentication. Available values: "serviceAccountToken", "zoneToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "zoneToken" on Universal.
+ type: ""
+ # Configuration for zoneToken authentication method.
+ zoneToken:
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true
+ # Zone Token validator configuration.
+ validator:
+ # If true then Kuma secrets with prefix "zone-token-signing-key" are considered as signing keys.
+ useSecrets: true
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # keyFile: /keys/public.pem
+ publicKeys: []
+ # If true then Envoy uses Google gRPC instead of Envoy gRPC which lets a proxy reload the auth data (service account token, dp token etc.) stored in the file without proxy restart.
+ enableReloadableTokens: false # ENV: KUMA_DP_SERVER_AUTHN_ENABLE_RELOADABLE_TOKENS
+ # Hds defines a Health Discovery Service configuration
+ hds:
+ # Enabled if true then Envoy will actively check application's ports, but only on Universal.
+ # On Kubernetes this feature disabled for now regardless the flag value
+ enabled: true # ENV: KUMA_DP_SERVER_HDS_ENABLED
+ # Interval for Envoy to send statuses for HealthChecks
+ interval: 5s # ENV: KUMA_DP_SERVER_HDS_INTERVAL
+ # RefreshInterval is an interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ refreshInterval: 10s # ENV: KUMA_DP_SERVER_HDS_REFRESH_INTERVAL
+ # Check defines a HealthCheck configuration
+ checkDefaults:
+ # Timeout is a time to wait for a health check response. If the timeout is reached the
+ # health check attempt will be considered a failure
+ timeout: 2s # ENV: KUMA_DP_SERVER_HDS_CHECK_TIMEOUT
+ # Interval between health checks
+ interval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_INTERVAL
+ # NoTrafficInterval is a special health check interval that is used when a cluster has
+ # never had traffic routed to it
+ noTrafficInterval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_NO_TRAFFIC_INTERVAL
+ # HealthyThreshold is a number of healthy health checks required before a host is marked healthy
+ healthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_HEALTHY_THRESHOLD
+ # UnhealthyThreshold is a number of unhealthy health checks required before a host is marked unhealthy
+ unhealthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_UNHEALTHY_THRESHOLD
+
+# Intercommunication CP configuration
+interCp:
+ # Catalog configuration. Catalog keeps a record of all live CP instances in the zone.
+ catalog:
+ # Indicates an address on which other control planes can communicate with this CP.
+ # If empty then it's autoconfigured by taking the first IP of the nonloopback network interface.
+ instanceAddress: "" # ENV: KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS
+ # Interval on which CP will send heartbeat to a leader.
+ heartbeatInterval: 5s # ENV: KUMA_INTER_CP_CATALOG_HEARTBEAT_INTERVAL
+ # Interval on which CP will write all instances to a catalog.
+ writerInterval: 15s # ENV: KUMA_INTER_CP_CATALOG_WRITER_INTERVAL
+ # Intercommunication CP server configuration
+ server:
+ # Port of the inter-cp server
+ port: 5683 # ENV: KUMA_INTER_CP_SERVER_PORT
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_INTER_CP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_INTER_CP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [ ] # ENV: KUMA_INTER_CP_SERVER_TLS_CIPHER_SUITES
+
+# Access Control configuration
+access:
+ # Type of access strategy (available values: "static")
+ type: static
+ # Configuration of static access strategy
+ static:
+ # AdminResources defines an access to admin resources (Secret/GlobalSecret)
+ adminResources:
+ # List of users that are allowed to access admin resources
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_USERS
+ # List of groups that are allowed to access admin resources
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_GROUPS
+ # GenerateDPToken defines an access to generating dataplane token
+ generateDpToken:
+ # List of users that are allowed to generate dataplane token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_USERS
+ # List of groups that are allowed to generate dataplane token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_GROUPS
+ # GenerateUserToken defines an access to generating user token
+ generateUserToken:
+ # List of users that are allowed to generate user token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_USERS
+ # List of groups that are allowed to generate user token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_GROUPS
+ # GenerateZoneToken defines an access to generating zone token
+ generateZoneToken:
+ # List of users that are allowed to generate zone token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_USERS
+ # List of groups that are allowed to generate zone token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_GROUPS
+ viewConfigDump:
+ # List of users that are allowed to get envoy config dump
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_USERS
+ # List of groups that are allowed to get envoy config dump
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_GROUPS
+ viewStats:
+ # List of users that are allowed to get envoy stats
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_USERS
+ # List of groups that are allowed to get envoy stats
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_GROUPS
+ viewClusters:
+ # List of users that are allowed to get envoy clusters
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS
+ # List of groups that are allowed to get envoy clusters
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS
+
+# Configuration of experimental features of Kuma
+experimental:
+ # If true, experimental Gateway API is enabled
+ gatewayAPI: false # ENV: KUMA_EXPERIMENTAL_GATEWAY_API
+ # If true, instead of embedding kubernetes outbounds into Dataplane object, they are persisted next to VIPs in ConfigMap
+ # This can improve performance, but it should be enabled only after all instances are migrated to version that supports this config
+ kubeOutboundsAsVIPs: true # ENV: KUMA_EXPERIMENTAL_KUBE_OUTBOUNDS_AS_VIPS
+ # Tag first virtual outbound model is compressed version of default Virtual Outbound model
+ # It is recommended to use tag first model for deployments with more than 2k services
+ # You can enable this flag on existing deployment. In order to downgrade cp with this flag enabled
+ # you need to first disable this flag and redeploy cp, after config is rewritten to default
+ # format you can downgrade your cp
+ useTagFirstVirtualOutboundModel: false # ENV: KUMA_EXPERIMENTAL_USE_TAG_FIRST_VIRTUAL_OUTBOUND_MODEL
+ # If true, KDS will sync using incremental xDS updates
+ kdsDeltaEnabled: true # ENV: KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED
+ # List of prefixes that will be used to filter out tags by keys from ingress' available services section.
+ # This can trim the size of the ZoneIngress object significantly.
+ # The drawback is that you cannot use filtered out tags for traffic routing.
+ # If empty, no filter is applied.
+ ingressTagFilters: [] # ENV: KUMA_EXPERIMENTAL_INGRESS_TAG_FILTERS
+ # KDS event based watchdog settings. It is a more optimal way to generate KDS snapshot config.
+ kdsEventBasedWatchdog:
+ # If true, then experimental event based watchdog to generate KDS snapshot is used.
+ enabled: false # ENV: KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_ENABLED
+ # How often we flush changes when experimental event based watchdog is used.
+ flushInterval: 5s # ENV: KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_FLUSH_INTERVAL
+ # How often we schedule full KDS resync when experimental event based watchdog is used.
+ fullResyncInterval: 60s # ENV: KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_FULL_RESYNC_INTERVAL
+ # If true, then initial full resync is going to be delayed by 0 to FullResyncInterval.
+ delayFullResync: false # ENV: KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_DELAY_FULL_RESYNC
+ # If true then control plane computes reachable services automatically based on MeshTrafficPermission.
+ # Lack of MeshTrafficPermission is treated as Deny the traffic.
+ autoReachableServices: false # ENV: KUMA_EXPERIMENTAL_AUTO_REACHABLE_SERVICES
+ # KDSSyncNameWithHashSuffix if true then during KDS sync resource name is going to be suffixed with hash.
+ # The hash is computed based on various resource characteristics like mesh, namespace, etc. The feature prevents name
+ # collisions when syncing policies with the same names but different meshes from Global(Universal) to Zone(Kubernetes).
+ # More extensive explanation of the problem and solution can be found in the MADR https://github.com/kumahq/kuma/blob/master/docs/madr/decisions/029-kds-sync-hash-suffix.md
+ KDSSyncNameWithHashSuffix: false # ENV: KUMA_EXPERIMENTAL_KDS_SYNC_NAME_WITH_HASH_SUFFIX
+
+proxy:
+ gateway:
+ # Sets the envoy runtime value to limit maximum number of incoming
+ # connections to a builtin gateway data plane proxy
+ globalDownstreamMaxConnections: 50000 # ENV: KUMA_PROXY_GATEWAY_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS
+
+tracing:
+ openTelemetry:
+ endpoint: "" # e.g. otel-collector:4317
+
+# Configuration of the event bus which is local to one instance of CP
+eventBus:
+ # BufferSize controls the buffer for every single event listener.
+ # If we go over buffer, additional delay may happen to various operation like insight recomputation or KDS.
+ bufferSize: 100 # ENV: KUMA_EVENT_BUS_BUFFER_SIZE
diff --git a/app/assets/2.5.x/raw/protos/CertificateAuthorityBackend.json b/app/assets/2.5.x/raw/protos/CertificateAuthorityBackend.json
new file mode 100644
index 000000000..275569b17
--- /dev/null
+++ b/app/assets/2.5.x/raw/protos/CertificateAuthorityBackend.json
@@ -0,0 +1,98 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CertificateAuthorityBackend", + "definitions": { + "CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time 
after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/CircuitBreaker.json b/app/assets/2.5.x/raw/protos/CircuitBreaker.json new file mode 100644 index 000000000..f5d016d2a --- /dev/null +++ b/app/assets/2.5.x/raw/protos/CircuitBreaker.json 
@@ -0,0 +1,198 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CircuitBreaker", + "definitions": { + "CircuitBreaker": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Circuit Breaker", + "description": "CircuitBreaker defines circuit breaking policy for dataplane's outbound" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Time interval between ejection analysis sweeps", + "format": "regex" + }, + "baseEjectionTime": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The base time that a host is ejected for. 
The real time is equal to the base time multiplied by the number of times the host has been ejected", + "format": "regex" + }, + "maxEjectionPercent": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum percent of an upstream cluster that can be ejected due to outlier detection, has to be in [0 - 100] range" + }, + "splitExternalAndLocalErrors": { + "type": "boolean", + "description": "Enables Split Mode in which local and external errors are distinguished" + }, + "detectors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors", + "additionalProperties": true + }, + "thresholds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors": { + "properties": { + "totalErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Errors with status code 5xx and locally originated errors, in Split Mode - just errors with status code 5xx" + }, + "gatewayErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Subset of 'total' related to gateway errors (502, 503 or 504 status code)" + }, + "localErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Takes into account only in Split Mode, number of locally originated errors" + }, + "standardDeviation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation", + "additionalProperties": true + }, + "failure": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + 
"title": "Detectors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors": { + "properties": { + "consecutive": { + "additionalProperties": true, + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Errors", + "description": "Detector based on counting consecutive number of errors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Eject host if failure percentage of a given host is greater than or equal to this value, has to be in [0 - 100] range" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Failure", + "description": "Detection based on success rate, but threshold is set explicitly (unlike 'standardDeviation')" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "factor": { + "additionalProperties": true, + "type": "number", + "description": "Resulting threshold = mean - (stdev * factor)" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Standard Deviation", + "description": "Detection based on success rate, aggregated from every host in the cluser" + }, + 
"kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds": { + "properties": { + "maxConnections": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of connections that Envoy will make to the upstream cluster. If not specified, the default is 1024." + }, + "maxPendingRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of pending requests that Envoy will allow to the upstream cluster. If not specified, the default is 1024." + }, + "maxRetries": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel retries that Envoy will allow to the upstream cluster. If not specified, the default is 3." + }, + "maxRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel requests that Envoy will make to the upstream cluster. If not specified, the default is 1024." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Thresholds" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ClustersRequest.json b/app/assets/2.5.x/raw/protos/ClustersRequest.json new file mode 100644 index 000000000..7c9612d2c --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ClustersRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersRequest", + "definitions": { + "ClustersRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp clusters request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp clusters request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Request", + "description": "ClustersRequest is a request for kuma-dp clusters that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ClustersResponse.json b/app/assets/2.5.x/raw/protos/ClustersResponse.json new file mode 100644 index 000000000..2c6802f17 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ClustersResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersResponse", + "definitions": { + "ClustersResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp clusters request." + }, + "clusters": { + "type": "string", + "description": "The clusters content that is a successful result of kuma-dp clusters execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Response", + "description": "ClustersResponse is a response containing result of kuma-dp clusters execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/DatadogTracingBackendConfig.json b/app/assets/2.5.x/raw/protos/DatadogTracingBackendConfig.json new file mode 100644 index 000000000..e6f53ec54 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/DatadogTracingBackendConfig.json 
@@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DatadogTracingBackendConfig", + "definitions": { + "DatadogTracingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address of datadog collector." + }, + "port": { + "type": "integer", + "description": "Port of datadog collector" + }, + "splitService": { + "type": "boolean", + "description": "Determines if datadog service name should be split based on traffic direction and destination. For example, with `splitService: true` and a `backend` service that communicates with a couple of databases, you would get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` in Datadog. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Datadog Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Dataplane.json b/app/assets/2.5.x/raw/protos/Dataplane.json new file mode 100644 index 000000000..29b8197c1 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Dataplane.json 
@@ -0,0 +1,344 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Dataplane", + "definitions": { + "Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. 
`advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. 
The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." + }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." 
+ }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "state": { + "enum": [ + "Ready", + 0, + "NotReady", + 1, + "Ignored", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "State" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. 
Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." + }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." 
+ }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/DataplaneInsight.json b/app/assets/2.5.x/raw/protos/DataplaneInsight.json new file mode 100644 index 000000000..1188b51e1 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/DataplaneInsight.json 
@@ -0,0 +1,232 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneInsight", + "definitions": { + "DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." + }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." 
+ }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. 
rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.5.x/raw/protos/DataplaneOverview.json b/app/assets/2.5.x/raw/protos/DataplaneOverview.json new file mode 100644 index 000000000..fa880156a --- /dev/null +++ b/app/assets/2.5.x/raw/protos/DataplaneOverview.json 
@@ -0,0 +1,586 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneOverview", + "definitions": { + "DataplaneOverview": { + "properties": { + "dataplane": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane", + "additionalProperties": true + }, + "dataplane_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Overview", + "description": "DataplaneOverview defines the projected state of a Dataplane." + }, + "kuma.mesh.v1alpha1.Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. `advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. 
It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." 
+ }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." 
+ }, + "state": { + "enum": [ + "Ready", + 0, + "NotReady", + 1, + "Ignored", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "State" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." 
+ }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." + }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." + }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." 
+ }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { 
+ "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/DiscoveryServiceStats.json b/app/assets/2.5.x/raw/protos/DiscoveryServiceStats.json new file mode 100644 index 000000000..eadb3791c --- /dev/null +++ b/app/assets/2.5.x/raw/protos/DiscoveryServiceStats.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoveryServiceStats", + "definitions": { + "DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.5.x/raw/protos/DiscoverySubscription.json b/app/assets/2.5.x/raw/protos/DiscoverySubscription.json
new file mode 100644
index 000000000..06db6c019
--- /dev/null
+++ b/app/assets/2.5.x/raw/protos/DiscoverySubscription.json
@@ -0,0 +1,179 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscription", + "definitions": { + "DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." 
+ }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/2.5.x/raw/protos/DiscoverySubscriptionStatus.json b/app/assets/2.5.x/raw/protos/DiscoverySubscriptionStatus.json
new file mode 100644
index 000000000..2ac471c4a
--- /dev/null
+++ b/app/assets/2.5.x/raw/protos/DiscoverySubscriptionStatus.json
@@ -0,0 +1,64 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscriptionStatus", + "definitions": { + "DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/EnvoyAdmin.json b/app/assets/2.5.x/raw/protos/EnvoyAdmin.json new file mode 100644 index 000000000..e26fdf4be --- /dev/null +++ b/app/assets/2.5.x/raw/protos/EnvoyAdmin.json @@ -0,0 +1,17 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyAdmin", + "definitions": { + "EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/EnvoyVersion.json b/app/assets/2.5.x/raw/protos/EnvoyVersion.json new file mode 100644 index 000000000..c14f40762 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/EnvoyVersion.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyVersion", + "definitions": { + "EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ExternalService.json b/app/assets/2.5.x/raw/protos/ExternalService.json new file mode 100644 index 000000000..bfa3f7672 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ExternalService.json 
@@ -0,0 +1,112 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ExternalService", + "definitions": { + "ExternalService": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking", + "additionalProperties": true + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with the external service, e.g. kuma.io/service=web, kuma.io/protocol, version=1.0." + } + }, + "additionalProperties": true, + "type": "object", + "title": "External Service", + "description": "ExternalService defines configuration of the externally accessible service" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address of the external service" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking.TLS", + "additionalProperties": true + }, + "disableHostDNSEntry": { + "type": "boolean", + "description": "If disableHostDNSEntry is set to true then a DNS entry for the external service taken from 'networking.address' won't be generated. You can still reach this external service using external-service-name.mesh:80 where \"external-service-name\" is taken from \"kuma.io/service\" tag." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes the properties of the external service connectivity" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking.TLS": { + "properties": { + "enabled": { + "type": "boolean", + "description": "denotes that the external service uses TLS" + }, + "ca_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the certificate of CA" + }, + "client_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "client_key": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "allowRenegotiation": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then TLS session will allow renegotiation. It's not recommended to set this to true because of security reasons. However, some servers require this setting, especially when using mTLS." + }, + "server_name": { + "additionalProperties": true, + "type": "string", + "description": "ServerName overrides the default Server Name Indicator set by Kuma. The default value is set to \"address\" specified in \"networking\"." + }, + "skipHostnameVerification": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then hostname verification will be skipped during certificate verification." + } + }, + "additionalProperties": true, + "type": "object", + "title": "TLS", + "description": "TLS" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." 
+ }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." + }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/FaultInjection.json b/app/assets/2.5.x/raw/protos/FaultInjection.json new file mode 100644 index 000000000..702233c5a --- /dev/null +++ b/app/assets/2.5.x/raw/protos/FaultInjection.json 
@@ -0,0 +1,126 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FaultInjection", + "definitions": { + "FaultInjection": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf", + "additionalProperties": true, + "description": "Configuration of FaultInjection" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Fault Injection", + "description": "FaultInjection defines the configuration of faults between dataplanes." + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf": { + "properties": { + "delay": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Delay", + "additionalProperties": true, + "description": "Delay if specified then response from the destination will be delivered with a delay" + }, + "abort": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Abort", + "additionalProperties": true, + "description": "Abort if specified makes source side to receive specified httpStatus code" + }, + "response_bandwidth": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth", + "additionalProperties": true, + "description": "ResponseBandwidth if specified limits the speed of sending response body" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines several types of faults, at least one fault should be specified" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Abort": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + 
"description": "Percentage of requests on which abort will be injected, has to be in [0.0 - 100.0] range" + }, + "httpStatus": { + "additionalProperties": true, + "type": "integer", + "description": "HTTP status code which will be returned to source side" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Abort", + "description": "Abort defines a configuration of not delivering requests to destination service and replacing the responses from destination dataplane by predefined status code" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Delay": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which delay will be injected, has to be in [0.0 - 100.0] range" + }, + "value": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The duration during which the response will be delayed", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Delay", + "description": "Delay defines configuration of delaying a response from a destination" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which response bandwidth limit will be injected, has to be in [0.0 - 100.0] range" + }, + "limit": { + "additionalProperties": true, + "type": "string", + "description": "Limit is represented by value measure in gbps, mbps, kbps or bps, e.g. 
10kbps" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Response Bandwidth", + "description": "ResponseBandwidth defines a configuration to limit the speed of responding to the requests" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/FileLoggingBackendConfig.json b/app/assets/2.5.x/raw/protos/FileLoggingBackendConfig.json new file mode 100644 index 000000000..7302651b2 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/FileLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FileLoggingBackendConfig", + "definitions": { + "FileLoggingBackendConfig": { + "properties": { + "path": { + "type": "string", + "description": "Path to a file that logs will be written to" + } + }, + "additionalProperties": true, + "type": "object", + "title": "File Logging Backend Config", + "description": "FileLoggingBackendConfig defines configuration for file based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/HealthCheck.json b/app/assets/2.5.x/raw/protos/HealthCheck.json new file mode 100644 index 000000000..495846305 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/HealthCheck.json 
@@ -0,0 +1,212 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/HealthCheck", + "definitions": { + "HealthCheck": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that should be configured to do health checks." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf", + "additionalProperties": true, + "description": "Configuration for various types of health checking." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health Check", + "description": "HealthCheck defines configuration for health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "initial_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, Envoy will start health checking after for a random time in ms between 0 and initial_jitter. 
This only applies to the first health check.", + "format": "regex" + }, + "interval_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, during every interval Envoy will add interval_jitter to the wait time.", + "format": "regex" + }, + "interval_jitter_percent": { + "type": "integer", + "description": "If specified, during every interval Envoy will add interval_ms * interval_jitter_percent / 100 to the wait time. If interval_jitter_ms and interval_jitter_percent are both set, both of them will be used to increase the wait time." + }, + "healthy_panic_threshold": { + "additionalProperties": true, + "type": "number", + "description": "Allows to configure panic threshold for Envoy cluster. If not specified, the default is 50%. To disable panic mode, set to 0%." + }, + "fail_traffic_on_panic": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, Envoy will not consider any hosts when the cluster is in 'panic mode'. Instead, the cluster will fail all requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a failing service." + }, + "event_log_path": { + "type": "string", + "description": "Specifies the path to the file where Envoy can log health check events. If empty, no event log will be written." + }, + "always_log_health_check_failures": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, health check failure events will always be logged. If set to false, only the initial health check failure event will be logged. The default value is false." + }, + "no_traffic_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The \"no traffic interval\" is a special health check interval that is used when a cluster has never had traffic routed to it. 
This lower interval allows cluster information to be kept up to date, without sending a potentially large amount of active health checking traffic for no reason. Once a cluster has been used for traffic routing, Envoy will shift back to using the standard health check interval that is defined. Note that this interval takes precedence over any other. The default value for \"no traffic interval\" is 60 seconds.", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http", + "additionalProperties": true + }, + "reuse_connection": { + "additionalProperties": true, + "type": "boolean", + "description": "Reuse health check connection between health checks. Default is true." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines configuration for various types of health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http": { + "properties": { + "path": { + "type": "string", + "description": "The HTTP path which will be requested during the health check (ie. /health) +required" + }, + "request_headers_to_add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption" + }, + "type": "array", + "description": "The list of HTTP headers which should be added to each health check request +optional" + }, + "expected_statuses": { + "items": { + "type": "integer", + "title": "U Int 32 Value", + "description": "Wrapper message for `uint32`. The JSON representation for `UInt32Value` is JSON number." 
+ }, + "type": "array", + "description": "List of HTTP response statuses which are considered healthy +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines optional Http configuration which will instruct the service the health check will be made for is an http service. It's mutually exclusive with the Tcp block so when provided you can't provide the Tcp configuration" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +required" + }, + "value": { + "type": "string", + "description": "Header value +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption": { + "properties": { + "header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue", + "additionalProperties": true, + "description": "Key/Value representation of the HTTP header +required" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "The bool value which if true (default) will mean the header values should be appended to already present ones +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value Option" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp": { + "properties": { + "send": { + "additionalProperties": true, + "type": "string", + "description": "Bytes which will be send during the health check to the target" + }, + "receive": { + "items": { + "type": "string", + "title": "Bytes Value", + "description": "Wrapper message for `bytes`. The JSON representation for `BytesValue` is JSON string." + }, + "type": "array", + "description": "Bytes blocks expected as a response. When checking the response, “fuzzy” matching is performed such that each block must be found, and in the order specified, but not necessarily contiguous." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines optional configuration for specifying bytes to send and expected response during the health check" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/HttpMethod.json b/app/assets/2.5.x/raw/protos/HttpMethod.json new file mode 100644 index 000000000..71495c878 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/HttpMethod.json @@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/KumaDpVersion.json b/app/assets/2.5.x/raw/protos/KumaDpVersion.json new file mode 100644 index 000000000..2d087b8c8 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/KumaDpVersion.json 
@@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaDpVersion", + "definitions": { + "KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/KumaResource.json b/app/assets/2.5.x/raw/protos/KumaResource.json new file mode 100644 index 000000000..a4781295d --- /dev/null +++ b/app/assets/2.5.x/raw/protos/KumaResource.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaResource", + "definitions": { + "KumaResource": { + "properties": { + "meta": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaResource.Meta", + "additionalProperties": true + }, + "spec": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." 
+ }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Resource" + }, + "kuma.mesh.v1alpha1.KumaResource.Meta": { + "properties": { + "name": { + "type": "string" + }, + "mesh": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Meta" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Logging.json b/app/assets/2.5.x/raw/protos/Logging.json new file mode 100644 index 000000000..e86a46b02 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Logging.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Logging", + "definitions": { + "Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/LoggingBackend.json b/app/assets/2.5.x/raw/protos/LoggingBackend.json new file mode 100644 index 000000000..d1770d208 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/LoggingBackend.json 
@@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/LoggingBackend", + "definitions": { + "LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Mesh.json b/app/assets/2.5.x/raw/protos/Mesh.json new file mode 100644 index 000000000..5469c8bd2 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Mesh.json 
@@ -0,0 +1,390 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Mesh", + "definitions": { + "Mesh": { + "properties": { + "mtls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Mtls", + "additionalProperties": true, + "description": "mTLS settings. +optional" + }, + "tracing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Tracing", + "additionalProperties": true, + "description": "Tracing settings. +optional" + }, + "logging": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Logging", + "additionalProperties": true, + "description": "Logging settings. +optional" + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Metrics", + "additionalProperties": true, + "description": "Configuration for metrics collected and exposed by dataplanes. Settings defined here become defaults for every dataplane in a given Mesh. Additionally, it is also possible to further customize this configuration for each dataplane individually using Dataplane resource. +optional" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking", + "additionalProperties": true, + "description": "Networking settings of the mesh" + }, + "routing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Routing", + "additionalProperties": true, + "description": "Routing settings of the mesh" + }, + "constraints": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Constraints", + "additionalProperties": true, + "description": "Constraints that applies to the mesh and its entities" + }, + "skipCreatingInitialPolicies": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of policies to skip creating by default when the mesh is created. e.g. TrafficPermission, MeshRetry, etc. An '*' can be used to skip all policies." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh", + "description": "Mesh defines configuration of a single mesh." 
+ }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + 
"title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + }, + "kuma.mesh.v1alpha1.Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." 
+ }, + "kuma.mesh.v1alpha1.Mesh.Constraints": { + "properties": { + "dataplaneProxy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints", + "additionalProperties": true, + "description": "DataplaneProxyMembership defines a set of requirements for data plane proxies to be a member of the mesh." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Constraints", + "description": "Constraints to apply to the mesh and its entities" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints": { + "properties": { + "requirements": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Requirements defines a set of requirements that data plane proxies must fulfill in order to join the mesh. A data plane proxy must fulfill at least one requirement in order to join the mesh. Empty list of allowed requirements means that any proxy that is not explicitly denied can join." + }, + "restrictions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Restrictions defines a set of restrictions that data plane proxies cannot fulfill in order to join the mesh. A data plane proxy cannot fulfill any requirement in order to join the mesh. Restrictions takes precedence over requirements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Proxy Constraints" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags defines set of required tags. You can specify '*' in value to require non empty value of tag" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rules", + "description": "Rules defines a set of rules for data plane proxies to be member of the mesh." 
+ }, + "kuma.mesh.v1alpha1.Mesh.Mtls": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend" + }, + "type": "array", + "description": "List of available Certificate Authority backends" + }, + "skipValidation": { + "type": "boolean", + "description": "If enabled, skips CA validation." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mtls", + "description": "mTLS settings of a Mesh." + }, + "kuma.mesh.v1alpha1.Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." 
+ }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + "passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + }, + "kuma.mesh.v1alpha1.Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. 
Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + }, + "kuma.mesh.v1alpha1.Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/MeshGateway.json b/app/assets/2.5.x/raw/protos/MeshGateway.json new file mode 100644 index 000000000..79692f693 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/MeshGateway.json 
@@ -0,0 +1,202 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGateway", + "definitions": { + "MeshGateway": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is a list of selectors that are used to match builtin gateway dataplanes that will receive this MeshGateway configuration." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags is the set of tags common to all of the gateway's listeners. This field must not include a `kuma.io/service` tag (the service is always defined on the dataplanes)." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Conf", + "additionalProperties": true, + "description": "The desired configuration of the MeshGateway." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway", + "description": "MeshGateway is a virtual proxy. Each MeshGateway is bound to a set of builtin gateway dataplanes. Each builtin dataplane instance can host exactly one Gateway proxy configuration. Gateway aligns with the Kubernetes Gateway API. See that spec for detailed documentation." + }, + "kuma.mesh.v1alpha1.MeshGateway.Conf": { + "properties": { + "listeners": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener" + }, + "type": "array", + "description": "Listeners define logical endpoints that are bound on this MeshGateway's address(es)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the desired state of MeshGateway. Aligns with MeshGatewaySpec." + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener": { + "properties": { + "hostname": { + "type": "string", + "description": "Hostname specifies the virtual hostname to match for protocol types that define this concept. 
When unspecified, \"\", or `*`, all hostnames are matched. This field can be omitted for protocols that don't require hostname based matching." + }, + "port": { + "type": "integer", + "description": "Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules." + }, + "protocol": { + "enum": [ + "NONE", + 0, + "TCP", + 1, + "TLS", + 3, + "HTTP", + 4, + "HTTPS", + 5 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Conf", + "additionalProperties": true, + "description": "TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\" and ignored otherwise." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags specifies a unique combination of tags that routes can use to match themselves to this listener. When matching routes to listeners, the control plane constructs a set of matching tags for each listener by forming the union of the gateway tags and the listener tags. A route will be attached to the listener if all of the route's tags are preset in the matching tags" + }, + "crossMesh": { + "type": "boolean", + "description": "CrossMesh enables traffic to flow to this listener only from other meshes." + }, + "resources": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener.Resources", + "additionalProperties": true, + "description": "Resources is used to specify listener-specific resource settings." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener" + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener.Resources": { + "properties": { + "connection_limit": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Resources" + }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Conf": { + "properties": { + "mode": { + "enum": [ + "NONE", + 0, + "TERMINATE", + 1, + "PASSTHROUGH", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "certificates": { + "items": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource" + }, + "type": "array", + "description": "Certificates is an array of datasources that contain TLS certificates and private keys. Each datasource must contain a sequence of PEM-encoded objects. The server certificate and private key are required, but additional certificates are allowed and will be added to the certificate chain. The server certificate must be the first certificate in the datasource. When multiple certificate datasources are configured, they must have different key types. In practice, this means that one datasource should contain an RSA key and certificate, and the other an ECDSA key and certificate." + }, + "options": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Options", + "additionalProperties": true, + "description": "Options should eventually configure how TLS is configured. This is where cipher suite and version configuration can be specified, client certificates enforced, and so on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Aligns with MeshGatewayTLSConfig." 
+ }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Options": { + "additionalProperties": true, + "type": "object", + "title": "Options", + "description": "TODO(jpeach)" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." + }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." + }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/MeshGatewayRoute.json b/app/assets/2.5.x/raw/protos/MeshGatewayRoute.json new file mode 100644 index 000000000..1ccb5b377 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/MeshGatewayRoute.json 
@@ -0,0 +1,442 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGatewayRoute", + "definitions": { + "MeshGatewayRoute": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is used to match this resource to MeshGateway listener." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Conf", + "additionalProperties": true, + "description": "Conf specifies the route configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway Route" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Backend": { + "properties": { + "weight": { + "type": "integer", + "description": "Weight is the proportion of requests this backend will receive when a forwarding rules specifies multiple backends. Traffic weight is computed as \"weight/sum(all weights)\". A weight of 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Destination is a selector to match the individual endpoints to which the gateway will forward." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Backend", + "description": "Backend selects a target for HTTP request forwarding." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Conf": { + "properties": { + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute", + "additionalProperties": true, + "title": "TlsRoute tls = 3;", + "description": "TlsRoute tls = 3;" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Hostnames lists the server names for which this route is valid. The hostnames are matched against the TLS Server Name Indication extension if this is a TLS session. They are also matched against the HTTP host (authority) header in the client's HTTP request." + }, + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule" + }, + "type": "array", + "description": "Rules specifies how the gateway should match and process HTTP requests." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Route", + "description": "HTTP routes are valid for listeners that accept HTTP/1.1 and HTTP/2 over both TCP and TLS." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter": { + "properties": { + "request_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + }, + "mirror": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror", + "additionalProperties": true + }, + "redirect": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect", + "additionalProperties": true + }, + "rewrite": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + }, + "response_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter": { + "properties": { + "set": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "remove": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror": { + "properties": { + "backend": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend", + "additionalProperties": true, + "description": "Backend denotes the service to which requests will be mirrored. 
The \"weight\" field must not be given." + }, + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage specifies the percentage of requests to mirror to the backend (in the range 0.0 - 100.0, inclusive)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mirror", + "description": "The mirror filter sends a percentage of HTTP requests to the given backend. The gateway ignores any responses to these requests." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect": { + "properties": { + "scheme": { + "type": "string", + "description": "The scheme for the redirect URL. Usually \"http\" or \"https\"." + }, + "hostname": { + "type": "string", + "description": "The hostname to redirect to." + }, + "port": { + "type": "integer", + "description": "The port to redirect to." + }, + "status_code": { + "type": "integer", + "description": "The HTTP response status code. This must be in the range 300 - 308." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Redirect", + "description": "The redirect filter responds to the HTTP request immediately, without forwarding it to any backend. The response is a HTTP redirect message." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite": { + "properties": { + "replace_full": { + "type": "string" + }, + "replace_prefix_match": { + "type": "string", + "description": "Note that rewriting \"/prefix\" to \"/\" will do the right thing: - the path \"/prefix\" is rewritten to \"/\" - the path \"/prefix/rest\" is rewritten to \"/rest\"" + }, + "host_to_backend_hostname": { + "type": "boolean", + "description": "Option to indicate that during forwarding, the host header should be swapped with the hostname of the upstream host chosen by the Envoy's cluster manager. 
BE AWARE: - it's mutually exclusive with request_header filter which explicitly replaces \"host\" header" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rewrite" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path", + "additionalProperties": true + }, + "method": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header" + }, + "type": "array" + }, + "query_parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match specifies the criteria for when a HTTP request matches a rule. The match is only considered successful if all of the specified conditions succeed (AND semantics). At least one match condition must be given." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1, + "ABSENT", + 2, + "PRESENT", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the HTTP header containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the HTTP header value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header", + "description": "Header matches a value in a HTTP request header. 
Not that if the header is defined to have multiple values, a REGEX match must be used to match a specific value." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "PREFIX", + 1, + "REGEX", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "value": { + "minLength": 1, + "type": "string", + "description": "Value is the path to match against. For EXACT and PREFIX match types, it must be a HTTP URI path. For the REGEX match type, it must be a RE2 regular expression. Note that a PREFIX match succeeds only if the prefix is the the entire path or is followed by a /. I.e. a prefix of the path in terms of path elements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path matches may be \"EXACT\", \"PREFIX\", or \"REGEX\" matches. If the match type is not specified, \"EXACT\" is the default." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the query parameter containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the query parameter value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Query", + "description": "Query matches against HTTP request query parameters." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule": { + "properties": { + "matches": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match" + }, + "type": "array", + "description": "Matches are checked in order. If any match is successful, the rule is selected (OR semantics)." 
+ }, + "filters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter" + }, + "type": "array", + "description": "Filters are request processing steps that are applied to matched requests. If the redirect filter is specified, it must be the only filter given." + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array", + "description": "Backends is the set of services to which the gateway will forward requests. If a redirect filter is specified, no backends are allowed. Otherwise, at least one backend must be given." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute": { + "properties": { + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Route", + "description": "TCP routes are valid for listeners that accept connections over TCP." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule": { + "properties": { + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule", + "description": "repeated Match matches = 1;" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/MeshInsight.json b/app/assets/2.5.x/raw/protos/MeshInsight.json new file mode 100644 index 000000000..146f88a4d 
--- /dev/null
+++ b/app/assets/2.5.x/raw/protos/MeshInsight.json
@@ -0,0 +1,161 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshInsight", + "definitions": { + "MeshInsight": { + "properties": { + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "policies": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.PolicyStat", + "additionalProperties": true + }, + "type": "object" + }, + "dpVersions": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DpVersions", + "additionalProperties": true + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.MTLS", + "additionalProperties": true, + "description": "mTLS statistics" + }, + "services": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.ServiceStat", + "additionalProperties": true + }, + "dataplanesByType": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplanesByType", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Insight", + "description": "MeshInsight defines the observed state of a Mesh." 
+ }, + "kuma.mesh.v1alpha1.MeshInsight.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + }, + "partially_degraded": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat", + "description": "DataplaneStat defines statistic specifically for Dataplane" + }, + "kuma.mesh.v1alpha1.MeshInsight.DataplanesByType": { + "properties": { + "standard": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "gatewayBuiltin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "gatewayDelegated": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplanes By Type", + "description": "DataplanesByType defines statistics splitted by dataplane types" + }, + "kuma.mesh.v1alpha1.MeshInsight.DpVersions": { + "properties": { + "kumaDp": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by KumaDP version" + }, + "envoy": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by Envoy version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Versions", + "description": "DpVersions defines statistics grouped by dataplane versions" + }, + "kuma.mesh.v1alpha1.MeshInsight.MTLS": { + "properties": { + "issuedBackends": { + "additionalProperties": { + "$ref": 
"#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by issued backends." + }, + "supportedBackends": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by supported backends." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS" + }, + "kuma.mesh.v1alpha1.MeshInsight.PolicyStat": { + "properties": { + "total": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Policy Stat", + "description": "PolicyStat defines statistic for all policies in general" + }, + "kuma.mesh.v1alpha1.MeshInsight.ServiceStat": { + "properties": { + "total": { + "type": "integer" + }, + "internal": { + "type": "integer" + }, + "external": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Stat", + "description": "ServiceStat defines statistics of mesh services" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Message.json b/app/assets/2.5.x/raw/protos/Message.json new file mode 100644 index 000000000..f8fd4b1df --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Message.json 
@@ -0,0 +1,789 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Message", + "definitions": { + "Message": { + "properties": { + "legacy_request": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryRequest", + "additionalProperties": true + }, + "legacy_response": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryResponse", + "additionalProperties": true + }, + "request": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryRequest", + "additionalProperties": true + }, + "response": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryResponse", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Message" + }, + "envoy.api.v2.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.api.v2.core.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. 
The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_api_msg_DiscoveryResponse\u003e` failed to update configuration. The *message* field in *error_details* provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 7]" + }, + "envoy.api.v2.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." 
+ }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. 
Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. 
When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. - Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.api.v2.core.ControlPlane", + "additionalProperties": true, + "description": "[#not-implemented-hide:] The control plane instance that sent the response." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.api.v2.core.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.api.v2.core.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.api.v2.core.Pipe", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.api.v2.core.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.api.v2.core.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.api.v2.core.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. 
envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 6]" + }, + "envoy.api.v2.core.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_api_field_core.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_api_field_endpoint.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. 
`Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.api.v2.core.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_api_field_core.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_api_msg_config.bootstrap.v2.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." 
+ }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "locality": { + "$ref": "#/definitions/envoy.api.v2.core.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "build_version": { + "type": "string", + "description": "This is motivated by informing a management server during canary which version of Envoy is being tested in a heterogeneous fleet. This will be set by Envoy in management server RPCs. This field is deprecated in favor of the user_agent_name and user_agent_version values." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example `com.acme.feature`. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 12]" + }, + "envoy.api.v2.core.Pipe": { + "properties": { + "path": { + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.api.v2.core.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_api_msg_listener.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_api_msg_core.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_api_msg_Cluster\u003e`, the cluster type determines whether the address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.config.core.v3.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.config.core.v3.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.config.core.v3.Pipe", + "additionalProperties": true + }, + "envoy_internal_address": { + "$ref": "#/definitions/envoy.config.core.v3.EnvoyInternalAddress", + "additionalProperties": true, + "description": "Specifies a user-space address handled by :ref:`internal listeners \u003cenvoy_v3_api_field_config.listener.v3.Listener.internal_listener\u003e`." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.config.core.v3.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.v3.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.config.core.v3.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.config.core.v3.EnvoyInternalAddress": { + "properties": { + "server_listener_name": { + "type": "string", + "description": "Specifies the :ref:`name \u003cenvoy_v3_api_field_config.listener.v3.Listener.name\u003e` of the internal listener." + }, + "endpoint_id": { + "type": "string", + "description": "Specifies an endpoint identifier to distinguish between multiple endpoints for the same internal listener in a single upstream pool. Only used in the upstream addresses for tracking changes to individual endpoints. This, for example, may be set to the final destination IP for the target internal listener." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Internal Address", + "description": "The address represents an envoy internal listener. [#comment: TODO(asraa): When address available, remove workaround from test/server/server_fuzz_test.cc:30.]" + }, + "envoy.config.core.v3.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] 
[#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + }, + "type_urls": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Type URLs of extension configuration protos." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 7]" + }, + "envoy.config.core.v3.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_v3_api_field_config.core.v3.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. `Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.config.core.v3.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_v3_api_msg_config.bootstrap.v3.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "dynamic_parameters": { + "additionalProperties": { + "$ref": "#/definitions/xds.core.v3.ContextParams", + "additionalProperties": true + }, + "type": "object", + "description": "Map from xDS resource type URL to dynamic context parameters. 
These may vary at runtime (unlike other fields in this message). For example, the xDS client may have a shard identifier that changes during the lifetime of the xDS client. In Envoy, this would be achieved by updating the dynamic context on the Server::Instance's LocalInfo context provider. The shard ID dynamic parameter then appears in this field during future discovery requests." + }, + "locality": { + "$ref": "#/definitions/envoy.config.core.v3.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example ``com.acme.feature``. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress ``(0.0.0.0,80)``. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 13]" + }, + "envoy.config.core.v3.Pipe": { + "properties": { + "path": { + "minLength": 1, + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.config.core.v3.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "minLength": 1, + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_v3_api_msg_config.listener.v3.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_v3_api_msg_config.core.v3.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_v3_api_msg_config.cluster.v3.Cluster\u003e`, the cluster type determines whether the address must be an IP (``STATIC`` or ``EDS`` clusters) or a hostname resolved by DNS (``STRICT_DNS`` or ``LOGICAL_DNS`` clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with ``STRICT_DNS`` or ``LOGICAL_DNS`` will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.config.core.v3.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "resource_locators": { + "items": { + "$ref": "#/definitions/envoy.service.discovery.v3.ResourceLocator" + }, + "type": "array", + "description": "[#not-implemented-hide:] Alternative to ``resource_names`` field that allows specifying dynamic parameters along with each resource name. Clients that populate this field must be able to handle responses from the server where resources are wrapped in a Resource message. Note that it is legal for a request to have some resources listed in ``resource_names`` and others in ``resource_locators``." 
+ }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_v3_api_msg_service.discovery.v3.DiscoveryResponse\u003e` failed to update configuration. The ``message`` field in ``error_details`` provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Request", + "description": "A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 8]" + }, + "envoy.service.discovery.v3.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." + }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. 
The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. 
- Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.config.core.v3.ControlPlane", + "additionalProperties": true, + "description": "The control plane instance that sent the response." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.ResourceLocator": { + "properties": { + "name": { + "type": "string", + "description": "The resource name to subscribe to." + }, + "dynamic_parameters": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "A set of dynamic parameters used to match against the dynamic parameter constraints on the resource. This allows clients to select between multiple variants of the same resource." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] Specifies a resource to be subscribed to." + }, + "envoy.type.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic Version]", + "description": "[#protodoc-title: Semantic Version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "envoy.type.v3.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic version]", + "description": "[#protodoc-title: Semantic version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "google.rpc.Status": { + "properties": { + "code": { + "type": "integer", + "description": "The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]." + }, + "message": { + "type": "string", + "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client." + }, + "details": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. 
This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Status", + "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. 
You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors)." + }, + "xds.core.v3.ContextParams": { + "properties": { + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Context Params", + "description": "Additional parameters that can be used to select resource variants. These include any global context parameters, per-resource type client feature capabilities and per-resource type functional attributes. All per-resource type attributes will be `xds.resource.` prefixed and some of these are documented below: `xds.resource.listening_address`: The value is \"IP:port\" (e.g. \"10.1.1.3:8080\") which is the listening address of a Listener. Used in a Listener resource query." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Metrics.json b/app/assets/2.5.x/raw/protos/Metrics.json new file mode 100644 index 000000000..b3f79fe30 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Metrics.json 
@@ -0,0 +1,46 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Metrics", + "definitions": { + "Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/MetricsBackend.json b/app/assets/2.5.x/raw/protos/MetricsBackend.json new file mode 100644 index 000000000..7ad44ef4b --- /dev/null +++ b/app/assets/2.5.x/raw/protos/MetricsBackend.json 
@@ -0,0 +1,27 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MetricsBackend", + "definitions": { + "MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Networking.json b/app/assets/2.5.x/raw/protos/Networking.json new file mode 100644 index 000000000..771fcb1fc --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Networking.json @@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Networking", + "definitions": { + "Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + "passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/PrometheusAggregateMetricsConfig.json b/app/assets/2.5.x/raw/protos/PrometheusAggregateMetricsConfig.json new file mode 100644 index 000000000..4e5a51414 
--- /dev/null +++ b/app/assets/2.5.x/raw/protos/PrometheusAggregateMetricsConfig.json @@ -0,0 +1,35 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusAggregateMetricsConfig", + "definitions": { + "PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." + }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." + }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/PrometheusEnvoyConfig.json b/app/assets/2.5.x/raw/protos/PrometheusEnvoyConfig.json new file mode 100644 index 000000000..a438ec589 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/PrometheusEnvoyConfig.json 
@@ -0,0 +1,23 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusEnvoyConfig", + "definitions": { + "PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/PrometheusMetricsBackendConfig.json b/app/assets/2.5.x/raw/protos/PrometheusMetricsBackendConfig.json new file mode 100644 index 000000000..05701962e --- /dev/null +++ b/app/assets/2.5.x/raw/protos/PrometheusMetricsBackendConfig.json 
@@ -0,0 +1,124 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusMetricsBackendConfig", + "definitions": { + "PrometheusMetricsBackendConfig": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this dataplane is deployed next to, e.g. service=web, version=1.0. `service` tag is mandatory." + }, + "skipMTLS": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then endpoints for scraping metrics won't require mTLS even if mTLS is enabled in Mesh. If nil, then it is treated as false." + }, + "aggregate": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig" + }, + "type": "array", + "description": "Map with the configuration of applications which metrics are going to be scrapped by kuma-dp." + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusEnvoyConfig", + "additionalProperties": true, + "description": "Configuration of Envoy's metrics." + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusTlsConfig", + "additionalProperties": true, + "description": "Configuration of TLS for prometheus listener." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Metrics Backend Config", + "description": "PrometheusMetricsBackendConfig defines configuration of Prometheus backend" + }, + "kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." 
+ }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." + }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + }, + "kuma.mesh.v1alpha1.PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." 
+ }, + "kuma.mesh.v1alpha1.PrometheusTlsConfig": { + "properties": { + "mode": { + "enum": [ + "activeMTLSBackend", + 0, + "providedTLS", + 1, + "disabled", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Tls Config", + "description": "PrometheusEnvoyConfig defines Tls configuration for Prometheus listener." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/PrometheusTlsConfig.json b/app/assets/2.5.x/raw/protos/PrometheusTlsConfig.json new file mode 100644 index 000000000..90e6ee974 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/PrometheusTlsConfig.json @@ -0,0 +1,33 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusTlsConfig", + "definitions": { + "PrometheusTlsConfig": { + "properties": { + "mode": { + "enum": [ + "activeMTLSBackend", + 0, + "providedTLS", + 1, + "disabled", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Tls Config", + "description": "PrometheusEnvoyConfig defines Tls configuration for Prometheus listener." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ProxyTemplate.json b/app/assets/2.5.x/raw/protos/ProxyTemplate.json new file mode 100644 index 000000000..047ef6f39 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ProxyTemplate.json 
@@ -0,0 +1,339 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplate", + "definitions": { + "ProxyTemplate": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of Dataplane selectors." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Conf", + "additionalProperties": true, + "description": "Configuration for ProxyTemplate" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template", + "description": "ProxyTemplate defines the desired state of ProxyTemplate" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Conf": { + "properties": { + "imports": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of imported profiles. +optional" + }, + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + }, + "modifications": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications" + }, + "type": "array", + "description": "List of config modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications": { + "properties": { + "cluster": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster", + "additionalProperties": true, + "description": "Cluster modification" + }, + "listener": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener", + "additionalProperties": true, + "description": "Listener modification" + }, + "networkFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter", + "additionalProperties": true, + "description": "Network Filter modification" + }, + "httpFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter", + "additionalProperties": true, + "description": "HTTP Filter modification" + }, + "virtualHost": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost", + "additionalProperties": true, + "description": "Virtual Host modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modifications", + "description": "Modifications to xDS config generated by Proxy Template" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match", + "additionalProperties": true, + "description": "Only clusters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a cluster (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Cluster", + "description": "Cluster 
defines modifications to generated clusters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. (inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the cluster to match" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for cluster" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match", + "additionalProperties": true, + "description": "Only HTTP filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS HTTP filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Filter", + "description": "HttpFilter defines modifications to generated HTTP filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that http filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for http filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match", + "additionalProperties": true, + "description": "Only listeners that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a listener (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS listener" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener", + "description": "Listener defines modification to generated listeners" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the listener to match" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for listener" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match", + "additionalProperties": true, + "description": "Only network filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS network filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Network Filter", + "description": "Listener defines modification to generated network filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that network filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for network filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match", + "additionalProperties": true, + "description": "Only virtual hosts that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a virtual hosts (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS virtual host" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Host", + "description": "VirtualHost defines modification to generated virtual hosts" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the virtual host to match" + }, + "routeConfigurationName": { + "type": "string", + "description": "Name of the route configuration" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for virtual host" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ProxyTemplateProfileSource.json b/app/assets/2.5.x/raw/protos/ProxyTemplateProfileSource.json new file mode 100644 index 000000000..e6e130768 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ProxyTemplateProfileSource.json 
@@ -0,0 +1,24 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateProfileSource", + "definitions": { + "ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ProxyTemplateRawResource.json b/app/assets/2.5.x/raw/protos/ProxyTemplateRawResource.json new file mode 100644 index 000000000..a990ff764 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ProxyTemplateRawResource.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawResource", + "definitions": { + "ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ProxyTemplateRawSource.json b/app/assets/2.5.x/raw/protos/ProxyTemplateRawSource.json new file mode 100644 index 000000000..c7ac8bb49 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ProxyTemplateRawSource.json 
@@ -0,0 +1,39 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawSource", + "definitions": { + "ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ProxyTemplateSource.json b/app/assets/2.5.x/raw/protos/ProxyTemplateSource.json new file mode 100644 index 000000000..d5a244749 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ProxyTemplateSource.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateSource", + "definitions": { + "ProxyTemplateSource": { + "properties": { + "name": { + "type": "string", + "description": "Name of a configuration source. +optional" + }, + "profile": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateProfileSource", + "additionalProperties": true, + "description": "Profile, e.g. `default-proxy`. +optional" + }, + "raw": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawSource", + "additionalProperties": true, + "description": "Raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/RateLimit.json b/app/assets/2.5.x/raw/protos/RateLimit.json new file mode 100644 index 000000000..afb09cba1 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/RateLimit.json 
@@ -0,0 +1,120 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/RateLimit", + "definitions": { + "RateLimit": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that rate limit will be applied for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be rate limited." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf", + "additionalProperties": true, + "description": "Configuration for RateLimit +required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http", + "additionalProperties": true, + "description": "The HTTP RateLimit configuration +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http": { + "properties": { + "requests": { + "type": "integer", + "description": "The number of HTTP requests this RateLimiter allows +required" + }, + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The the interval for which `requests` will be accounted. 
+required", + "format": "regex" + }, + "onRateLimit": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit", + "additionalProperties": true, + "description": "Describes the actions to take on RatelLimiter event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit": { + "properties": { + "status": { + "additionalProperties": true, + "type": "integer", + "description": "The HTTP status code to be set on a RateLimit event +optional" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue" + }, + "type": "array", + "description": "The Headers to be added to the HTTP response on a RateLimit event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "On Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +optional" + }, + "value": { + "type": "string", + "description": "Header value +optional" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "Should the header be appended +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Retry.json b/app/assets/2.5.x/raw/protos/Retry.json new file mode 100644 index 000000000..913d8f6b2 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Retry.json 
@@ -0,0 +1,224 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Retry", + "definitions": { + "Retry": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that retry policy should be configured for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf", + "additionalProperties": true, + "description": "+required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Retry" + }, + "kuma.mesh.v1alpha1.Retry.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Http", + "additionalProperties": true + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Tcp", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Grpc", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Retry.Conf.BackOff": { + "properties": { + "base_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+required", + "format": "regex" + }, + "max_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Back Off" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Grpc": { + "properties": { + "retry_on": { + "items": { + "enum": [ + "cancelled", + 0, + "deadline_exceeded", + 1, + "internal", + 2, + "resource_exhausted", + 3, + "unavailable", + 4 + ] + }, + "type": "array", + "title": "Retry On" + }, + "num_retries": { + 
"additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Http": { + "properties": { + "num_retries": { + "additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + }, + "retriable_status_codes": { + "items": { + "type": "integer" + }, + "type": "array", + "description": "+optional" + }, + "retriable_methods": { + "items": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ] + }, + "type": "array", + "title": "Http Method" + }, + "retry_on": { + "items": { + "enum": [ + "all_5xx", + 0, + "gateway_error", + 1, + "reset", + 2, + "connect_failure", + 3, + "envoy_ratelimited", + 4, + "retriable_4xx", + 5, + "refused_stream", + 6, + "retriable_status_codes", + 7, + "retriable_headers", + 8, + "http3_post_connect_failure", + 9 + ] + }, + "type": "array", + "title": "Http Retry On", + "description": "These options correspond with the retry_on options in Envoy's documentation: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + 
"kuma.mesh.v1alpha1.Retry.Conf.Tcp": { + "properties": { + "max_connect_attempts": { + "type": "integer", + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Routing.json b/app/assets/2.5.x/raw/protos/Routing.json new file mode 100644 index 000000000..858a02b0b --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Routing.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Routing", + "definitions": { + "Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Selector.json b/app/assets/2.5.x/raw/protos/Selector.json new file mode 100644 index 000000000..91f0fe4af --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Selector.json 
@@ -0,0 +1,21 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Selector", + "definitions": { + "Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ServiceInsight.json b/app/assets/2.5.x/raw/protos/ServiceInsight.json new file mode 100644 index 000000000..21a33e559 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ServiceInsight.json 
@@ -0,0 +1,100 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ServiceInsight", + "definitions": { + "ServiceInsight": { + "properties": { + "services": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service", + "additionalProperties": true + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Insight" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service": { + "properties": { + "status": { + "enum": [ + "none", + 0, + "offline", + 1, + "partially_degraded", + 2, + "online", + 3, + "not_available", + 4 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Status" + }, + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat", + "additionalProperties": true + }, + "issuedBackends": { + "additionalProperties": { + "type": "integer" + }, + "type": "object" + }, + "serviceType": { + "enum": [ + "internal", + 0, + "external", + 1, + "gateway_delegated", + 2, + "gateway_builtin", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Type" + }, + "addressPort": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/StatsRequest.json b/app/assets/2.5.x/raw/protos/StatsRequest.json new file mode 100644 index 000000000..a94577050 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/StatsRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsRequest", + "definitions": { + "StatsRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp stats request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp stats request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Request", + "description": "StatsRequest is a request for kuma-dp stats that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/StatsResponse.json b/app/assets/2.5.x/raw/protos/StatsResponse.json new file mode 100644 index 000000000..e64f5f98c --- /dev/null +++ b/app/assets/2.5.x/raw/protos/StatsResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsResponse", + "definitions": { + "StatsResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp stats request." + }, + "stats": { + "type": "string", + "description": "The stats content that is a successful result of kuma-dp stats execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Response", + "description": "StatsResponse is a response containing result of kuma-dp stats execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/TcpLoggingBackendConfig.json b/app/assets/2.5.x/raw/protos/TcpLoggingBackendConfig.json new file mode 100644 index 000000000..ce4ae7037 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/TcpLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TcpLoggingBackendConfig", + "definitions": { + "TcpLoggingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address to TCP service that will receive logs" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Logging Backend Config", + "description": "TcpLoggingBackendConfig defines configuration for TCP based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Timeout.json b/app/assets/2.5.x/raw/protos/Timeout.json new file mode 100644 index 000000000..e6d1694c2 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Timeout.json 
@@ -0,0 +1,138 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Timeout", + "definitions": { + "Timeout": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Timeout" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.Timeout.Conf": { + "properties": { + "connect_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "ConnectTimeout defines time to establish connection", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Http", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Grpc", + "additionalProperties": true, + "description": "Deprecated: set parameters through Http section" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Grpc": { + "properties": { + "stream_idle_timeout": { + "pattern": 
"^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity Deprecated: use Http.StreamIdleTimeout instead", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span Deprecated: use Http.MaxStreamDuration instead", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc", + "description": "Grpc defines timeouts that are applied when the protocol is GRPC" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Http": { + "properties": { + "request_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "RequestTimeout is a span between the point at which the entire downstream request (i.e. end-of-stream) has been processed and when the upstream response has been completely processed", + "format": "regex" + }, + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is the time at which a downstream or upstream connection will be terminated if there are no active streams", + "format": "regex" + }, + "stream_idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines timeouts that are applied when the protocol is HTTP" + }, + 
"kuma.mesh.v1alpha1.Timeout.Conf.Tcp": { + "properties": { + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is defined as the period in which there are no bytes sent or received on either the upstream or downstream connection", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines timeouts that are applied when the protocol is TCP" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Tracing.json b/app/assets/2.5.x/raw/protos/Tracing.json new file mode 100644 index 000000000..b7cc2dbef --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Tracing.json 
@@ -0,0 +1,51 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Tracing", + "definitions": { + "Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/TracingBackend.json b/app/assets/2.5.x/raw/protos/TracingBackend.json new file mode 100644 index 000000000..4bf433707 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/TracingBackend.json 
@@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TracingBackend", + "definitions": { + "TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/TrafficLog.json b/app/assets/2.5.x/raw/protos/TrafficLog.json new file mode 100644 index 000000000..62a817926 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/TrafficLog.json 
@@ -0,0 +1,60 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficLog", + "definitions": { + "TrafficLog": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficLog.Conf", + "additionalProperties": true, + "description": "Configuration of the logging." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Log", + "description": "TrafficLog defines log for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficLog.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the logging." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/TrafficPermission.json b/app/assets/2.5.x/raw/protos/TrafficPermission.json new file mode 100644 index 000000000..5c9068126 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/TrafficPermission.json 
@@ -0,0 +1,43 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficPermission", + "definitions": { + "TrafficPermission": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Permission", + "description": "TrafficPermission defines permission for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/TrafficRoute.json b/app/assets/2.5.x/raw/protos/TrafficRoute.json new file mode 100644 index 000000000..c10979152 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/TrafficRoute.json 
@@ -0,0 +1,390 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficRoute", + "definitions": { + "TrafficRoute": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match data plane proxies that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic. Notice the difference between sources and destinations. While the source of traffic is always a data plane proxy within a mesh, the destination is a service that could be either within or outside of a mesh." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Conf", + "additionalProperties": true, + "description": "Configuration for the route." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Route", + "description": "TrafficRoute defines routing rules for the traffic in the mesh." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Conf": { + "properties": { + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." 
+ }, + "load_balancer": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer", + "additionalProperties": true, + "description": "Load balancer configuration for given \"split\" or \"destination\"" + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + }, + "http": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http" + }, + "type": "array", + "description": "Configuration of HTTP traffic. Traffic is matched one by one with the order defined in the list. If the request does not match any criteria then \"split\" or \"destination\" outside of \"http\" section is executed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the destination configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match", + "additionalProperties": true, + "description": "If request matches against defined criteria then \"split\" or \"destination\" is executed." + }, + "modify": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify", + "additionalProperties": true, + "description": "Modifications to the traffic matched by the match section." + }, + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines configuration for HTTP traffic." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match": { + "properties": { + "method": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Method matches method of HTTP request." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Path matches HTTP path." + }, + "headers": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true + }, + "type": "object", + "description": "Headers match HTTP request headers." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines a series of matching criteria to apply modification and reroute the traffic." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher": { + "properties": { + "prefix": { + "type": "string", + "description": "Prefix matches the string against defined prefix." + }, + "exact": { + "type": "string", + "description": "Exact checks that strings are equal to each other." + }, + "regex": { + "type": "string", + "description": "Regex checks the string using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + } + }, + "additionalProperties": true, + "type": "object", + "title": "String Matcher", + "description": "StringMatcher matches the string value." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path", + "additionalProperties": true, + "description": "Path modifications." + }, + "host": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host", + "additionalProperties": true, + "description": "Host modifications." 
+ }, + "requestHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Request headers modifications." + }, + "responseHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Response headers modifications." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modify", + "description": "Modify defines modifications of matched HTTP messages." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers": { + "properties": { + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add" + }, + "type": "array", + "description": "List of add header operations." + }, + "remove": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove" + }, + "type": "array", + "description": "List of remove header operations." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Headers", + "description": "Headers defines modification of HTTP headers." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header." + }, + "value": { + "type": "string", + "description": "Value of the header." + }, + "append": { + "type": "boolean", + "description": "If true, it appends the value if there is already a value. Otherwise, value of existing header will be replaced." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Add", + "description": "Add defines operation of adding new HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header to remove." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Remove", + "description": "Remove defines operation of removing an HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host": { + "properties": { + "value": { + "type": "string", + "description": "Value replaces the host header with given value." + }, + "fromPath": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "FromPath replaces the host header from path using regex." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Host", + "description": "Host defines modification of the HTTP Host header" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path": { + "properties": { + "rewritePrefix": { + "type": "string", + "description": "RewritePrefix rewrites previously matched prefix in match section." + }, + "regex": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "Regex rewrites prefix using regex with substitution." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path defines modification of path of the HTTP request." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace": { + "properties": { + "pattern": { + "type": "string", + "description": "Pattern of the regex using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + }, + "substitution": { + "type": "string", + "description": "Substitution using regex groups. E.g. use \\\\1 as a first matched group." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Regex Replace", + "description": "RegexReplace defines a way to match string using regex and build a new one using substitution section." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer": { + "properties": { + "round_robin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin", + "additionalProperties": true + }, + "least_request": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest", + "additionalProperties": true + }, + "ring_hash": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash", + "additionalProperties": true + }, + "random": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random", + "additionalProperties": true + }, + "maglev": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Load Balancer", + "description": "LoadBalancer defines the load balancing policy and configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest": { + "properties": { + "choice_count": { + "type": "integer", + "description": "The number of random healthy hosts from which the host with the fewest active requests will be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Least Request", + "description": "LeastRequest uses different algorithms depending on whether hosts have the same or different weights." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev": { + "additionalProperties": true, + "type": "object", + "title": "Maglev", + "description": "Maglev implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random": { + "additionalProperties": true, + "type": "object", + "title": "Random", + "description": "Random selects a random available host." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash": { + "properties": { + "hash_function": { + "type": "string", + "description": "The hash function used to hash hosts onto the ketama ring. The value defaults to 'XX_HASH'." + }, + "min_ring_size": { + "type": "string", + "description": "Minimum hash ring size." + }, + "max_ring_size": { + "type": "string", + "description": "Maximum hash ring size." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Ring Hash", + "description": "RingHash implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin": { + "additionalProperties": true, + "type": "object", + "title": "Round Robin", + "description": "RoundRobin is a simple policy in which each available upstream host is selected in round robin order." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Split": { + "properties": { + "weight": { + "additionalProperties": true, + "type": "integer", + "description": "Weight assigned to that destination. Weights are not percentages. For example two destinations with weights the same weight \"1\" will receive both same amount of the traffic. 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Selector to match individual endpoints that comprise that destination. Notice that an endpoint can be either inside or outside the mesh. In the former case an endpoint corresponds to a data plane proxy, in the latter case an endpoint is an External Service." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Split", + "description": "Split defines a destination with a weight assigned to it." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/TrafficTrace.json b/app/assets/2.5.x/raw/protos/TrafficTrace.json new file mode 100644 index 000000000..d4f0859c5 --- /dev/null 
+++ b/app/assets/2.5.x/raw/protos/TrafficTrace.json @@ -0,0 +1,53 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficTrace", + "definitions": { + "TrafficTrace": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficTrace.Conf", + "additionalProperties": true, + "description": "Configuration of the tracing." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Trace", + "description": "TrafficTrace defines trace configuration for selected dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficTrace.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the tracing." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/Version.json b/app/assets/2.5.x/raw/protos/Version.json new file mode 100644 index 000000000..b7fbce902 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/Version.json 
@@ -0,0 +1,79 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Version", + "definitions": { + "Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of 
Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/VirtualOutbound.json b/app/assets/2.5.x/raw/protos/VirtualOutbound.json new file mode 100644 index 000000000..6f79a1ed5 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/VirtualOutbound.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/VirtualOutbound", + "definitions": { + "VirtualOutbound": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that this policy applies to" + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Outbound", + "description": "VirtualOutbound defines how to generate hostname ports combination." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf": { + "properties": { + "host": { + "type": "string", + "description": "Host the gotemplate to generate the hostname from the Parameters map" + }, + "port": { + "type": "string", + "description": "Port the gotemplate to generate the port from the Parameters map" + }, + "parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter" + }, + "type": "array", + "description": "Parameters a mapping between tag keys and template parameter key. This must always contain at least `kuma.io/service`" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter": { + "properties": { + "name": { + "type": "string", + "description": "Name the name of the template parameter (must be alphanumeric)." 
+ }, + "tag_key": { + "type": "string", + "description": "TagKey the name of the tag in the Kuma outbound (optional if absent it will use Name)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Template Parameter", + "description": "A mapping between a template parameter and a dataplane outbound tag name." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/XDSConfigRequest.json b/app/assets/2.5.x/raw/protos/XDSConfigRequest.json new file mode 100644 index 000000000..1ea4641e7 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/XDSConfigRequest.json @@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigRequest", + "definitions": { + "XDSConfigRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute config dump." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute config dump. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Request", + "description": "XDSConfigRequest is a request for XDS Config Dump that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/XDSConfigResponse.json b/app/assets/2.5.x/raw/protos/XDSConfigResponse.json new file mode 100644 index 000000000..d6d64774a --- /dev/null +++ b/app/assets/2.5.x/raw/protos/XDSConfigResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigResponse", + "definitions": { + "XDSConfigResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing XDS Config Dump." + }, + "config": { + "type": "string", + "description": "The XDS Config that is a successful result of XDS Config dump execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Response", + "description": "XDSConfigRequest is a response containing result of XDS Config Dump execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ZipkinTracingBackendConfig.json b/app/assets/2.5.x/raw/protos/ZipkinTracingBackendConfig.json new file mode 100644 index 000000000..ab2dd42ae --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ZipkinTracingBackendConfig.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZipkinTracingBackendConfig", + "definitions": { + "ZipkinTracingBackendConfig": { + "properties": { + "url": { + "type": "string", + "description": "Address of Zipkin collector." + }, + "traceId128bit": { + "type": "boolean", + "description": "Generate 128bit traces. Default: false" + }, + "apiVersion": { + "type": "string", + "description": "Version of the API. values: httpJson, httpJsonV1, httpProto. Default: httpJson see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/trace.proto#envoy-v3-api-enum-config-trace-v3-zipkinconfig-collectorendpointversion" + }, + "sharedSpanContext": { + "additionalProperties": true, + "type": "boolean", + "description": "Determines whether client and server spans will share the same span context. Default: true. https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/zipkin.proto#config-trace-v3-zipkinconfig" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zipkin Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ZoneEgress.json b/app/assets/2.5.x/raw/protos/ZoneEgress.json new file mode 100644 index 000000000..b154ca74f --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ZoneEgress.json 
@@ -0,0 +1,54 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgress", + "definitions": { + "ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ZoneEgressInsight.json b/app/assets/2.5.x/raw/protos/ZoneEgressInsight.json new file mode 100644 index 000000000..9a5e7643e --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ZoneEgressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressInsight", + "definitions": { + "ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ZoneEgressOverview.json b/app/assets/2.5.x/raw/protos/ZoneEgressOverview.json new file mode 100644 index 000000000..7e2fe5983 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ZoneEgressOverview.json 
@@ -0,0 +1,258 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressOverview", + "definitions": { + "ZoneEgressOverview": { + "properties": { + "zoneEgress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress", + "additionalProperties": true + }, + "zoneEgressInsight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Overview", + "description": "ZoneEgressOverview defines the projected state of a ZoneEgress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." 
+ }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ZoneHealthCheckRequest.json b/app/assets/2.5.x/raw/protos/ZoneHealthCheckRequest.json new file mode 100644 index 000000000..c2d4bc984 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ZoneHealthCheckRequest.json @@ -0,0 +1,11 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneHealthCheckRequest", + "definitions": { + "ZoneHealthCheckRequest": { + "additionalProperties": true, + "type": "object", + "title": "Zone Health Check Request" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ZoneHealthCheckResponse.json b/app/assets/2.5.x/raw/protos/ZoneHealthCheckResponse.json new file mode 100644 index 000000000..d523b0a8c --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ZoneHealthCheckResponse.json 
@@ -0,0 +1,19 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneHealthCheckResponse", + "definitions": { + "ZoneHealthCheckResponse": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The the interval that the global control plane expects between health check pings", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Health Check Response" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ZoneIngress.json b/app/assets/2.5.x/raw/protos/ZoneIngress.json new file mode 100644 index 000000000..0d613e59b --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ZoneIngress.json 
@@ -0,0 +1,95 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngress", + "definitions": { + "ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ZoneIngressInsight.json b/app/assets/2.5.x/raw/protos/ZoneIngressInsight.json new file mode 100644 index 000000000..4c6d25999 --- /dev/null 
+++ b/app/assets/2.5.x/raw/protos/ZoneIngressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressInsight", + "definitions": { + "ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/2.5.x/raw/protos/ZoneIngressOverview.json b/app/assets/2.5.x/raw/protos/ZoneIngressOverview.json new file mode 100644 index 000000000..5cf6ef549 --- /dev/null +++ b/app/assets/2.5.x/raw/protos/ZoneIngressOverview.json 
@@ -0,0 +1,299 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressOverview", + "definitions": { + "ZoneIngressOverview": { + "properties": { + "zone_ingress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress", + "additionalProperties": true + }, + "zone_ingress_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Overview", + "description": "ZoneIngressOverview defines the projected state of a ZoneIngress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/crds/kuma.io_circuitbreakers.yaml b/app/assets/dev/raw/crds/kuma.io_circuitbreakers.yaml new file mode 100644 index 000000000..8a0af998e --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_circuitbreakers.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: circuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: CircuitBreaker + listKind: CircuitBreakerList + plural: circuitbreakers + singular: circuitbreaker + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma CircuitBreaker resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_containerpatches.yaml b/app/assets/dev/raw/crds/kuma.io_containerpatches.yaml new file mode 100644 index 000000000..5fbde85cf --- /dev/null 
+++ b/app/assets/dev/raw/crds/kuma.io_containerpatches.yaml 
@@ -0,0 +1,109 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: containerpatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ContainerPatch + listKind: ContainerPatchList + plural: containerpatches + singular: containerpatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ContainerPatch stores a list of patches to apply to init and + sidecar containers. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + type: string + metadata: + type: object + spec: + description: ContainerPatchSpec specifies the options available for a + ContainerPatch + properties: + initPatch: + description: InitPatch specifies jsonpatch to apply to an init container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. 
String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + sidecarPatch: + description: SidecarPatch specifies jsonpatch to apply to a sidecar + container. + items: + description: JsonPatchBlock is one json patch operation block. + properties: + from: + description: From is a jsonpatch from string, used by move and + copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a string representing a valid json + object used by replace and add operations. String has to be + escaped with " to be valid a json object. + type: string + required: + - op + - path + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_dataplaneinsights.yaml b/app/assets/dev/raw/crds/kuma.io_dataplaneinsights.yaml new file mode 100644 index 000000000..79a541f21 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_dataplaneinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: dataplaneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: DataplaneInsight + listKind: DataplaneInsightList + plural: dataplaneinsights + singular: dataplaneinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + status: + description: Status is the status the Kuma resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_dataplanes.yaml b/app/assets/dev/raw/crds/kuma.io_dataplanes.yaml new file mode 100644 index 000000000..1f0088638 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_dataplanes.yaml 
@@ -0,0 +1,64 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: dataplanes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Dataplane + listKind: DataplaneList + plural: dataplanes + singular: dataplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Service tag of the first inbound + jsonPath: .spec.networking.inbound[0].tags['kuma\.io/service'] + name: kuma.io/service + type: string + - description: Service tag of the second inbound + jsonPath: .spec.networking.inbound[1].tags['kuma\.io/service'] + name: kuma.io/service + type: string + - description: Service tag of the third inbound + jsonPath: .spec.networking.inbound[2].tags['kuma\.io/service'] + name: kuma.io/service + priority: 1 + type: string + - description: Service tag of the fourth inbound + jsonPath: .spec.networking.inbound[3].tags['kuma\.io/service'] + name: kuma.io/service + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. 
+ type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Dataplane resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_externalservices.yaml b/app/assets/dev/raw/crds/kuma.io_externalservices.yaml new file mode 100644 index 000000000..02be62004 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_externalservices.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: externalservices.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ExternalService + listKind: ExternalServiceList + plural: externalservices + singular: externalservice + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ExternalService resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true 
diff --git a/app/assets/dev/raw/crds/kuma.io_faultinjections.yaml b/app/assets/dev/raw/crds/kuma.io_faultinjections.yaml new file mode 100644 index 000000000..5eeef6418 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_faultinjections.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: faultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: FaultInjection + listKind: FaultInjectionList + plural: faultinjections + singular: faultinjection + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma FaultInjection resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_healthchecks.yaml b/app/assets/dev/raw/crds/kuma.io_healthchecks.yaml new file mode 100644 index 000000000..c138c08e7 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_healthchecks.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: healthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: HealthCheck + listKind: HealthCheckList + plural: healthchecks + singular: healthcheck + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma HealthCheck resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_meshaccesslogs.yaml b/app/assets/dev/raw/crds/kuma.io_meshaccesslogs.yaml new file mode 100644 index 000000000..e06b37ead --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshaccesslogs.yaml 
@@ -0,0 +1,445 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshaccesslogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshAccessLog + listKind: MeshAccessLogList + plural: meshaccesslogs + singular: meshaccesslog + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: '[%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST%' + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be + written to + example: /tmp/access.log + minLength: 1 + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: Attributes can contain placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + - key: mesh + value: '%KUMA_MESH%' + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + body: + description: Body is a raw string or an OTLP any + value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + kvlistValue: + values: + - key: mesh + value: + stringValue: '%KUMA_MESH%' + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: Endpoint of OpenTelemetry collector. + An empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. 
+ properties: + address: + description: Address of the TCP logging backend + example: 127.0.0.1:5000 + minLength: 1 + type: string + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: '[%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST%' + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in-place. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: FileBackend defines configuration for + file based access logs + properties: + format: + description: Format of access logs. Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: '[%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST%' + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be + written to + example: /tmp/access.log + minLength: 1 + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. 
+ properties: + attributes: + description: Attributes can contain placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + - key: mesh + value: '%KUMA_MESH%' + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + body: + description: Body is a raw string or an OTLP any + value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + kvlistValue: + values: + - key: mesh + value: + stringValue: '%KUMA_MESH%' + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: Endpoint of OpenTelemetry collector. + An empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + example: 127.0.0.1:5000 + minLength: 1 + type: string + format: + description: Format of access logs. 
Placeholders + available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: '[%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST%' + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshcircuitbreakers.yaml b/app/assets/dev/raw/crds/kuma.io_meshcircuitbreakers.yaml new file mode 100644 index 000000000..ffae58e55 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshcircuitbreakers.yaml 
@@ -0,0 +1,662 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshcircuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshCircuitBreaker + listKind: MeshCircuitBreakerList + plural: meshcircuitbreakers + singular: meshcircuitbreaker + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker + resource. 
+ properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. 
+ properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. 
+ format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' + properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. 
Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. 
The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. 
+ format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. 
Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. 
+ format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' 
+ properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. 
+ format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. 
+ type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshes.yaml b/app/assets/dev/raw/crds/kuma.io_meshes.yaml new file mode 100644 index 000000000..7e1848086 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshes.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Mesh + listKind: MeshList + plural: meshes + singular: mesh + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Mesh resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_meshfaultinjections.yaml b/app/assets/dev/raw/crds/kuma.io_meshfaultinjections.yaml new file mode 100644 index 000000000..0daf3c185 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshfaultinjections.yaml 
@@ -0,0 +1,314 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshfaultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshFaultInjection + listKind: MeshFaultInjectionList + plural: meshfaultinjections + singular: meshfaultinjection + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshFaultInjection + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + http: + description: Http allows to define list of Http faults between + dataplanes. + items: + description: FaultInjection defines the configuration + of faults between dataplanes. 
+ properties: + abort: + description: Abort defines a configuration of not + delivering requests to destination service and replacing + the responses from destination dataplane by predefined + status code + properties: + httpStatus: + description: HTTP status code which will be returned + to source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which abort + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: Delay defines configuration of delaying + a response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which delay + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + value: + description: The duration during which the response + will be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: ResponseBandwidth defines a configuration + to limit the speed of responding to the requests + properties: + limit: + description: Limit is represented by value measure + in gbps, mbps, kbps or bps, e.g. 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which response + bandwidth limit will be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + http: + description: Http allows to define list of Http faults between + dataplanes. 
+ items: + description: FaultInjection defines the configuration + of faults between dataplanes. + properties: + abort: + description: Abort defines a configuration of not + delivering requests to destination service and replacing + the responses from destination dataplane by predefined + status code + properties: + httpStatus: + description: HTTP status code which will be returned + to source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which abort + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: Delay defines configuration of delaying + a response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which delay + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + value: + description: The duration during which the response + will be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: ResponseBandwidth defines a configuration + to limit the speed of responding to the requests + properties: + limit: + description: Limit is represented by value measure + in gbps, mbps, kbps or bps, e.g. 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which response + bandwidth limit will be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshgatewayconfigs.yaml b/app/assets/dev/raw/crds/kuma.io_meshgatewayconfigs.yaml new file mode 100644 index 000000000..38c169939 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshgatewayconfigs.yaml 
@@ -0,0 +1,204 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgatewayconfigs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayConfig + listKind: MeshGatewayConfigList + plural: meshgatewayconfigs + singular: meshgatewayconfig + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayConfig holds the configuration of a MeshGateway. A + GatewayClass can refer to a MeshGatewayConfig via parametersRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayConfigSpec specifies the options available for + a Kuma MeshGateway. + properties: + crossMesh: + description: CrossMesh specifies whether listeners configured by this + gateway are cross mesh listeners. + type: boolean + podTemplate: + description: PodTemplate configures the Pod owned by this config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Pod. + properties: + container: + description: Container corresponds to PodSpec.Container + properties: + securityContext: + description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext + properties: + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem corresponds to + PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem + type: boolean + type: object + type: object + securityContext: + description: PodSecurityContext corresponds to PodSpec.SecurityContext + properties: + fsGroup: + description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName corresponds to PodSpec.ServiceAccountName. + type: string + type: object + type: object + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. 
+ type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies a set of Kuma tags that are included in + the MeshGatewayInstance and thus propagated to every Dataplane generated + to serve the MeshGateway. These tags should include a maximum of + one `kuma.io/service` tag. + type: object + type: object + status: + description: MeshGatewayConfigStatus holds information about the status + of the gateway instance. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshgatewayinstances.yaml b/app/assets/dev/raw/crds/kuma.io_meshgatewayinstances.yaml new file mode 100644 index 000000000..0c12d6d2f --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshgatewayinstances.yaml 
@@ -0,0 +1,342 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgatewayinstances.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayInstance + listKind: MeshGatewayInstanceList + plural: meshgatewayinstances + singular: meshgatewayinstance + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MeshGatewayInstance represents a managed instance of a dataplane + proxy for a Kuma Gateway. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MeshGatewayInstanceSpec specifies the options available for + a GatewayDataplane. + properties: + podTemplate: + description: PodTemplate configures the Pod owned by this config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Pod. 
+ properties: + container: + description: Container corresponds to PodSpec.Container + properties: + securityContext: + description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext + properties: + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem corresponds to + PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem + type: boolean + type: object + type: object + securityContext: + description: PodSecurityContext corresponds to PodSpec.SecurityContext + properties: + fsGroup: + description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName corresponds to PodSpec.ServiceAccountName. + type: string + type: object + type: object + replicas: + default: 1 + description: Replicas is the number of dataplane proxy replicas to + create. For now this is a fixed number, but in the future it could + be automatically scaled based on metrics. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources specifies the compute resources for the proxy + container. The default can be set in the control plane config. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceTemplate: + description: ServiceTemplate configures the Service owned by this + config. + properties: + metadata: + description: Metadata holds metadata configuration for a Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations holds annotations to be set on an + object. + type: object + labels: + additionalProperties: + type: string + description: Labels holds labels to be set on an objects. + type: object + type: object + spec: + description: Spec holds some customizable fields of a Service. + properties: + loadBalancerIP: + description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP. 
+ type: string + type: object + type: object + serviceType: + default: LoadBalancer + description: ServiceType specifies the type of managed Service that + will be created to expose the dataplane proxies to traffic from + outside the cluster. The ports to expose will be taken from the + matching Gateway resource. If there is no matching Gateway, the + managed Service will be deleted. + enum: + - LoadBalancer + - ClusterIP + - NodePort + type: string + tags: + additionalProperties: + type: string + description: Tags specifies the Kuma tags that are propagated to the + managed dataplane proxies. These tags should include exactly one + `kuma.io/service` tag, and should match exactly one Gateway resource. + type: object + type: object + status: + description: MeshGatewayInstanceStatus holds information about the status + of the gateway instance. + properties: + conditions: + description: Conditions is an array of gateway instance conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, + if one is present. 
+ properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ipMode: + description: IPMode specifies how the load-balancer IP behaves, + and may only be specified when the ip field is specified. + Setting this to "VIP" indicates that traffic is delivered + to the node with the destination set to the load-balancer's + IP and port. Setting this to "Proxy" indicates that traffic + is delivered to the node or pod with the destination set + to the node's IP and node port or the pod's IP and port. + Service implementations may use this information to adjust + traffic routing. + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. 
--- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshgatewayroutes.yaml b/app/assets/dev/raw/crds/kuma.io_meshgatewayroutes.yaml new file mode 100644 index 000000000..81ffb9b48 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshgatewayroutes.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgatewayroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGatewayRoute + listKind: MeshGatewayRouteList + plural: meshgatewayroutes + singular: meshgatewayroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGatewayRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_meshgateways.yaml b/app/assets/dev/raw/crds/kuma.io_meshgateways.yaml new file mode 100644 index 000000000..76eba91ac --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshgateways.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshgateways.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshGateway + listKind: MeshGatewayList + plural: meshgateways + singular: meshgateway + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshGateway resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_meshhealthchecks.yaml b/app/assets/dev/raw/crds/kuma.io_meshhealthchecks.yaml new file mode 100644 index 000000000..f97352a7d --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshhealthchecks.yaml 
@@ -0,0 +1,312 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshhealthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHealthCheck + listKind: MeshHealthCheckList + plural: meshhealthchecks + singular: meshhealthcheck + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHealthCheck resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + alwaysLogHealthCheckFailures: + description: If set to true, health check failure events + will always be logged. If set to false, only the initial + health check failure event will be logged. The default + value is false. + type: boolean + eventLogPath: + description: Specifies the path to the file where Envoy + can log health check events. If empty, no event log will + be written. + type: string + failTrafficOnPanic: + description: If set to true, Envoy will not consider any + hosts when the cluster is in 'panic mode'. Instead, the + cluster will fail all requests as if all hosts are unhealthy. + This can help avoid potentially overwhelming a failing + service. + type: boolean + grpc: + description: GrpcHealthCheck defines gRPC configuration + which will instruct the service the health check will + be made for is a gRPC service. + properties: + authority: + description: The value of the :authority header in the + gRPC health check request, by default name of the + cluster this health check is associated with + type: string + disabled: + description: If true the GrpcHealthCheck is disabled + type: boolean + serviceName: + description: Service name parameter which will be sent + to gRPC service + type: string + type: object + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: Allows to configure panic threshold for Envoy + cluster. 
If not specified, the default is 50%. To disable + panic mode, set to 0%. Either int or decimal represented + as string. + x-kubernetes-int-or-string: true + healthyThreshold: + default: 1 + description: Number of consecutive healthy checks before + considering a host healthy. + format: int32 + type: integer + http: + description: HttpHealthCheck defines HTTP configuration + which will instruct the service the health check will + be made for is an HTTP service. + properties: + disabled: + description: If true the HttpHealthCheck is disabled + type: boolean + expectedStatuses: + description: List of HTTP response statuses which are + considered healthy + items: + format: int32 + type: integer + type: array + path: + default: / + description: The HTTP path which will be requested during + the health check (ie. /health) + type: string + requestHeadersToAdd: + description: The list of HTTP headers which should be + added to each health check request + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + initialJitter: + description: If specified, Envoy will start health checking + after a random time in ms between 0 and initialJitter. + This only applies to the first health check. + type: string + interval: + default: 1m + description: Interval between consecutive health checks. 
+ type: string + intervalJitter: + description: If specified, during every interval Envoy will + add IntervalJitter to the wait time. + type: string + intervalJitterPercent: + description: If specified, during every interval Envoy will + add IntervalJitter * IntervalJitterPercent / 100 to the + wait time. If IntervalJitter and IntervalJitterPercent + are both set, both of them will be used to increase the + wait time. + format: int32 + type: integer + noTrafficInterval: + description: The "no traffic interval" is a special health + check interval that is used when a cluster has never had + traffic routed to it. This lower interval allows cluster + information to be kept up to date, without sending a potentially + large amount of active health checking traffic for no + reason. Once a cluster has been used for traffic routing, + Envoy will shift back to using the standard health check + interval that is defined. Note that this interval takes + precedence over any other. The default value for "no traffic + interval" is 60 seconds. + type: string + reuseConnection: + description: Reuse health check connection between health + checks. Default is true. + type: boolean + tcp: + description: TcpHealthCheck defines configuration for specifying + bytes to send and expected response during the health + check + properties: + disabled: + description: If true the TcpHealthCheck is disabled + type: boolean + receive: + description: List of Base64 encoded blocks of strings + expected as a response. When checking the response, + "fuzzy" matching is performed such that each block + must be found, and in the order specified, but not + necessarily contiguous. If not provided or empty, + checks will be performed as "connect only" and be + marked as successful when TCP connection is successfully + established. 
+ items: + type: string + type: array + send: + description: Base64 encoded content of the message which + will be sent during the health check to the target + type: string + type: object + timeout: + default: 15s + description: Maximum time to wait for a health check response. + type: string + unhealthyThreshold: + default: 5 + description: Number of consecutive unhealthy checks before + considering a host unhealthy. + format: int32 + type: integer + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshhttproutes.yaml b/app/assets/dev/raw/crds/kuma.io_meshhttproutes.yaml new file mode 100644 index 000000000..23e575e7e --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshhttproutes.yaml 
@@ -0,0 +1,513 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshhttproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHTTPRoute + listKind: MeshHTTPRouteList + plural: meshhttproutes + singular: meshhttproute + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHTTPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To matches destination services of requests and holds + configuration. + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward + traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + type: array + filters: + items: + properties: + requestHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestMirror: + properties: + backendRef: + description: TargetRef defines structure + that allows attaching policy to various + objects + properties: + kind: + description: Kind of the referenced + resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future + use to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced + resource. Can only be used with kinds: + `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset + of proxies by tags. Can only be used + with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests to mirror. + If not specified, all requests to the + target cluster will be mirrored. + x-kubernetes-int-or-string: true + required: + - backendRef + type: object + requestRedirect: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. 
+ This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. + \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines parameters used + to modify the path of the incoming request. + The modified path is then used to construct + the location header. When empty, the request + path is used as-is. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + port: + description: Port is the port to be used + in the value of the `Location` header + in the response. When empty, port (if + specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + description: StatusCode is the HTTP status + code to be used in response. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + type: object + responseHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestRedirect + - URLRewrite + - RequestMirror + type: string + urlRewrite: + properties: + hostname: + description: Hostname is the value to be + used to replace the host header value + during forwarding. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines a path rewrite. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + type: object + required: + - type + type: object + type: array + type: object + matches: + description: Matches describes how to match HTTP requests + this rule should be applied to. + items: + properties: + headers: + items: + description: HeaderMatch describes how to select + an HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP + Header to be matched. Name MUST be lower + case as they will be handled with case insensitivity + (See https://tools.ietf.org/html/rfc7230#section-3.2). 
+ maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + method: + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + properties: + type: + enum: + - Exact + - PathPrefix + - RegularExpression + type: string + value: + description: Exact or prefix matches must be + an absolute path. A prefix matches only if + separated by a slash or the entire path. + minLength: 1 + type: string + required: + - type + - value + type: object + queryParams: + description: QueryParams matches based on HTTP URL + query parameters. Multiple matches are ANDed together + such that all listed matches must succeed. + items: + properties: + name: + minLength: 1 + type: string + type: + enum: + - Exact + - RegularExpression + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + type: object + minItems: 1 + type: array + required: + - default + - matches + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of request destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshinsights.yaml b/app/assets/dev/raw/crds/kuma.io_meshinsights.yaml new file mode 100644 index 000000000..f9c307168 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshInsight + listKind: MeshInsightList + plural: meshinsights + singular: meshinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_meshloadbalancingstrategies.yaml b/app/assets/dev/raw/crds/kuma.io_meshloadbalancingstrategies.yaml new file mode 100644 index 000000000..f3c76905f --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshloadbalancingstrategies.yaml 
@@ -0,0 +1,538 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshloadbalancingstrategies.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshLoadBalancingStrategy + listKind: MeshLoadBalancingStrategyList + plural: meshloadbalancingstrategies + singular: meshloadbalancingstrategy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshLoadBalancingStrategy + resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. 
+ type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + loadBalancer: + description: LoadBalancer allows to specify load balancing + algorithm. + properties: + leastRequest: + description: LeastRequest selects N random available + hosts as specified in 'choiceCount' (2 by default) + and picks the host which has the fewest active requests + properties: + activeRequestBias: + anyOf: + - type: integer + - type: string + description: ActiveRequestBias refers to dynamic + weights applied when hosts have varying load balancing + weights. A higher value here aggressively reduces + the weight of endpoints that are currently handling + active requests. In essence, the higher the ActiveRequestBias + value, the more forcefully it reduces the load + balancing weight of endpoints that are actively + serving requests. + x-kubernetes-int-or-string: true + choiceCount: + description: ChoiceCount is the number of random + healthy hosts from which the host with the fewest + active requests will be chosen. Defaults to 2 + so that Envoy performs two-choice selection if + the field is not set. + format: int32 + minimum: 2 + type: integer + type: object + maglev: + description: Maglev implements consistent hashing to + upstream hosts. Maglev can be used as a drop in replacement + for the ring hash load balancer any place in which + consistent hashing is desired. 
+ properties: + hashPolicies: + description: HashPolicies specify a list of request/connection + properties that are used to calculate a hash. + These hash policies are executed in the specified + order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. + type: boolean + type: object + cookie: + properties: + name: + description: The name of the cookie that + will be used to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for + the cookie. + type: string + ttl: + description: If specified, a cookie with + the TTL will be generated if the cookie + is not present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: The name of the Object in + the per-request filterState, which is + an Envoy::Hashable object. If there + is no data associated with the key, + or the stored object is not Envoy::Hashable, + no hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: The name of the request header + that will be used to obtain the hash + key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: The name of the URL query + parameter that will be used to obtain + the hash key. If the parameter is not + present, no hash will be produced. Query + parameter names are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: 'Terminal is a flag that short-circuits + the hash computing. 
This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time + when the terminal policy works. If true, + and there is already a hash computed, ignore + rest of the list of hash polices.' + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + tableSize: + description: The table size for Maglev hashing. + Maglev aims for “minimal disruption” rather than + an absolute guarantee. Minimal disruption means + that when the set of upstream hosts change, a + connection will likely be sent to the same upstream + as it was before. Increasing the table size reduces + the amount of disruption. The table size must + be prime number limited to 5000011. If it is not + specified, the default is 65537. + format: int32 + maximum: 5000011 + minimum: 1 + type: integer + type: object + random: + description: Random selects a random available host. + The random load balancer generally performs better + than round-robin if no health checking policy is configured. + Random selection avoids bias towards the host in the + set that comes after a failed host. + type: object + ringHash: + description: RingHash implements consistent hashing + to upstream hosts. Each host is mapped onto a circle + (the “ring”) by hashing its address; each request + is then routed to a host by hashing some property + of the request, and finding the nearest corresponding + host clockwise around the ring. + properties: + hashFunction: + description: HashFunction is a function used to + hash hosts onto the ketama ring. The value defaults + to XX_HASH. Available values – XX_HASH, MURMUR_HASH_2. + enum: + - XXHash + - MurmurHash2 + type: string + hashPolicies: + description: HashPolicies specify a list of request/connection + properties that are used to calculate a hash. 
+ These hash policies are executed in the specified + order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. + type: boolean + type: object + cookie: + properties: + name: + description: The name of the cookie that + will be used to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for + the cookie. + type: string + ttl: + description: If specified, a cookie with + the TTL will be generated if the cookie + is not present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: The name of the Object in + the per-request filterState, which is + an Envoy::Hashable object. If there + is no data associated with the key, + or the stored object is not Envoy::Hashable, + no hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: The name of the request header + that will be used to obtain the hash + key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: The name of the URL query + parameter that will be used to obtain + the hash key. If the parameter is not + present, no hash will be produced. Query + parameter names are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: 'Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time + when the terminal policy works. If true, + and there is already a hash computed, ignore + rest of the list of hash polices.' 
+ type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + maxRingSize: + description: Maximum hash ring size. Defaults to + 8M entries, and limited to 8M entries, but can + be lowered to further constrain resource use. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + minRingSize: + description: Minimum hash ring size. The larger + the ring is (that is, the more hashes there are + for each provided host) the better the request + distribution will reflect the desired weights. + Defaults to 1024 entries, and limited to 8M entries. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + type: object + roundRobin: + description: RoundRobin is a load balancing algorithm + that distributes requests across available upstream + hosts in round-robin order. + type: object + type: + enum: + - RoundRobin + - LeastRequest + - RingHash + - Random + - Maglev + type: string + required: + - type + type: object + localityAwareness: + description: LocalityAwareness contains configuration for + locality aware load balancing. 
+ properties: + crossZone: + description: CrossZone defines locality aware load balancing + priorities when dataplane proxies inside local zone + are unavailable + properties: + failover: + description: Failover defines list of load balancing + rules in order of priority + items: + properties: + from: + description: From defines the list of zones + to which the rule applies + properties: + zones: + items: + type: string + type: array + required: + - zones + type: object + to: + description: To defines to which zones the + traffic should be load balanced + properties: + type: + description: Type defines how target zones + will be picked from available zones + enum: + - None + - Only + - Any + - AnyExcept + type: string + zones: + items: + type: string + type: array + required: + - type + type: object + required: + - to + type: object + type: array + failoverThreshold: + description: 'FailoverThreshold defines the percentage + of live destination dataplane proxies below which + load balancing to the next priority starts. Example: + If you configure failoverThreshold to 70, and + you have deployed 10 destination dataplane proxies. + Load balancing to next priority will start when + number of live destination dataplane proxies drops + below 7. Default 50' + properties: + percentage: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - percentage + type: object + type: object + disabled: + description: Disabled allows to disable locality-aware + load balancing. When disabled requests are distributed + across all endpoints regardless of locality. + type: boolean + localZone: + description: LocalZone defines locality aware load balancing + priorities between dataplane proxies inside a zone + properties: + affinityTags: + description: AffinityTags list of tags for local + zone load balancing. 
+ items: + properties: + key: + description: Key defines tag for which affinity + is configured + type: string + weight: + description: 'Weight of the tag used for load + balancing. The bigger the weight the bigger + the priority. Percentage of local traffic + load balanced to tag is computed by dividing + weight by sum of weights from all tags. + For example with two affinity tags first + with weight 80 and second with weight 20, + then 80% of traffic will be redirected to + the first tag, and 20% of traffic will be + redirected to second one. Setting weights + is not mandatory. When weights are not set + control plane will compute default weight + based on list order. Default: If you do + not specify weight we will adjust them so + that 90% traffic goes to first tag, 9% to + next, and 1% to third and so on.' + format: int32 + type: integer + required: + - key + type: object + type: array + type: object + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} 
diff --git a/app/assets/dev/raw/crds/kuma.io_meshmetrics.yaml b/app/assets/dev/raw/crds/kuma.io_meshmetrics.yaml new file mode 100644 index 000000000..c025c75b7 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshmetrics.yaml 
@@ -0,0 +1,169 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshmetrics.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshMetric + listKind: MeshMetricList + plural: meshmetrics + singular: meshmetric + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshMetric resource. + properties: + default: + description: MeshMetric configuration. + properties: + applications: + description: Applications is a list of application that Dataplane + Proxy will scrape + items: + properties: + path: + default: /metrics/prometheus + description: Path on which an application expose HTTP endpoint + with metrics. + type: string + port: + description: Port on which an application expose HTTP endpoint + with metrics. + format: int32 + type: integer + required: + - port + type: object + type: array + backends: + description: Backends list that will be used to collect metrics. 
+ items: + properties: + prometheus: + description: Prometheus backend configuration. + properties: + clientId: + description: ClientId of the Prometheus backend. Needed + when using MADS for DP discovery. + type: string + path: + default: /metrics + description: Path on which a dataplane should expose + HTTP endpoint with Prometheus metrics. + type: string + port: + default: 5670 + description: Port on which a dataplane should expose + HTTP endpoint with Prometheus metrics. + format: int32 + type: integer + tls: + description: Configuration of TLS for prometheus listener. + properties: + mode: + default: Disabled + description: Configuration of TLS for Prometheus + listener. + enum: + - Disabled + - ProvidedTLS + - ActiveMTLSBackend + type: string + required: + - mode + type: object + required: + - path + - port + type: object + type: + description: Type of the backend that will be used to collect + metrics. At the moment only Prometheus backend is available. + enum: + - Prometheus + type: string + required: + - type + type: object + type: array + sidecar: + description: Sidecar metrics collection configuration + properties: + regex: + description: Regex that will be used to filter sidecar metrics. + It uses Google RE2 engine https://github.com/google/re2 + type: string + usedOnly: + default: false + description: UsedOnly will scrape only metrics that has been + by sidecar (counters incremented at least once, gauges changed + at least once, and histograms added to at least once). + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in-place. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshproxypatches.yaml b/app/assets/dev/raw/crds/kuma.io_meshproxypatches.yaml new file mode 100644 index 000000000..42b4cd47c --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshproxypatches.yaml 
@@ -0,0 +1,512 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshproxypatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshProxyPatch + listKind: MeshProxyPatchList + plural: meshproxypatches + singular: meshproxypatch + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshProxyPatch resource. + properties: + default: + description: Default is a configuration specific to the group of destinations + referenced in 'targetRef'. + properties: + appendModifications: + description: AppendModifications is a list of modifications applied + on the selected proxy. + items: + properties: + cluster: + description: Cluster is a modification of Envoy's Cluster + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's Cluster resource + items: + description: JsonPatchBlock is one json patch operation + block. 
+ properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the cluster to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched cluster. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + httpFilter: + description: HTTPFilter is a modification of Envoy HTTP + Filter available in HTTP Connection Manager in a Listener + resource. 
+ properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's HTTP Filter available in HTTP + Connection Manager in a Listener resource. + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the HTTP filter. For example + "envoy.filters.http.local_ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. 
For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + listener: + description: Listener is a modification of Envoy's Listener + resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's Listener resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the listener to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. 
+ egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + tags: + additionalProperties: + type: string + description: Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + networkFilter: + description: NetworkFilter is a modification of Envoy Listener's + filter. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy Listener's filter. + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the network filter. 
For example + "envoy.filters.network.ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + virtualHost: + description: VirtualHost is a modification of Envoy's VirtualHost + referenced in HTTP Connection Manager in a Listener resource. + properties: + jsonPatches: + description: JsonPatches specifies list of jsonpatches + to apply to on Envoy's VirtualHost resource + items: + description: JsonPatchBlock is one json patch operation + block. + properties: + from: + description: From is a jsonpatch from string, + used by move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: Value must be a valid json value + used by replace and add operations. 
+ x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + routeConfigurationName: + description: Name of the RouteConfiguration resource + to match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + required: + - appendModifications + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - default + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshratelimits.yaml b/app/assets/dev/raw/crds/kuma.io_meshratelimits.yaml new file mode 100644 index 000000000..abfd51f34 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshratelimits.yaml 
@@ -0,0 +1,236 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRateLimit + listKind: MeshRateLimitList + plural: meshratelimits + singular: meshratelimit + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. 
+ properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + local: + description: LocalConf defines local http or/and tcp rate + limit configuration + properties: + http: + description: LocalHTTP defines confguration of local + HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. + type: boolean + onRateLimit: + description: Describes the actions to take on a + rate limit event + properties: + headers: + description: The Headers to be added to the + HTTP response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: The HTTP status code to be set + on a rate limit event + format: int32 + type: integer + type: object + requestRate: + description: Defines how many requests are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: LocalTCP defines confguration of local + TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: Defines how many connections are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: 'Define if rate limiting should be + disabled. Default: false' + type: boolean + type: object + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshretries.yaml b/app/assets/dev/raw/crds/kuma.io_meshretries.yaml new file mode 100644 index 000000000..80148b12c --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshretries.yaml 
@@ -0,0 +1,447 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshretries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRetry + listKind: MeshRetryList + plural: meshretries + singular: meshretry + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + grpc: + description: GRPC defines a configuration of retries for + GRPC traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in an exponential backoff strategy + between retries. + properties: + baseInterval: + default: 25ms + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests. If + not set, the default value is 1. + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the maximum amount of + time each retry attempt can take before it times out. + If not set, the global request timeout for the route + will be used. Setting this value to 0 will disable + the per-try timeout. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + default: 300s + description: MaxInterval is a maximal amount of + time which will be taken between retries. 
+ type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: RetryOn is a list of conditions which will + cause a retry. + example: + - Canceled + - DeadlineExceeded + - Internal + - ResourceExhausted + - Unavailable + items: + enum: + - Canceled + - DeadlineExceeded + - Internal + - ResourceExhausted + - Unavailable + type: string + type: array + type: object + http: + description: HTTP defines a configuration of retries for + HTTP traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries. + properties: + baseInterval: + default: 25ms + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + hostSelection: + description: HostSelection is a list of predicates that + dictate how hosts should be selected when requests + are retried. + items: + properties: + predicate: + description: Type is requested predicate mode. 
+ enum: + - OmitPreviousHosts + - OmitHostsWithTags + - OmitPreviousPriorities + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of metadata to match + against for selecting the omitted hosts. Required + if Type is OmitHostsWithTags + type: object + updateFrequency: + default: 2 + description: UpdateFrequency is how often the + priority load should be updated based on previously + attempted priorities. Used for OmitPreviousPriorities. + format: int32 + type: integer + required: + - predicate + type: object + type: array + hostSelectionMaxAttempts: + description: HostSelectionMaxAttempts is the maximum + number of times host selection will be reattempted + before giving up, at which point the host that was + last selected will be routed to. If unspecified, this + will default to retrying once. + format: int64 + type: integer + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests. If + not set, the default value is 1. + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should time out. If left unspecified, + the global route timeout for the request will be used. + Consequently, when using a 5xx based retry policy, + a request that times out will not be retried as the + total timeout budget would have been exhausted. Setting + this timeout to 0 will disable it. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + default: 300s + description: MaxInterval is a maximal amount of + time which will be taken between retries. + type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. 
Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: RetriableRequestHeaders is an HTTP headers + which must be present in the request for retries to + be attempted. + items: + description: HeaderMatch describes how to select an + HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + retriableResponseHeaders: + description: RetriableResponseHeaders is an HTTP response + headers that trigger a retry if present in the response. + A retry will be triggered if any of the header matches + the upstream response headers. + items: + description: HeaderMatch describes how to select an + HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. 
Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + type: object + type: array + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [5XX, GatewayError, + Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, + RefusedStream, Http3PostConnectFailure, HttpMethodConnect, + HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions, + HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + Also, any HTTP status code (500, 503, etc.).' + example: + - 5XX + - GatewayError + - Reset + - Retriable4xx + - ConnectFailure + - EnvoyRatelimited + - RefusedStream + - Http3PostConnectFailure + - HttpMethodConnect + - HttpMethodDelete + - HttpMethodGet + - HttpMethodHead + - HttpMethodOptions + - HttpMethodPatch + - HttpMethodPost + - HttpMethodPut + - HttpMethodTrace + - "500" + - "503" + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for + TCP traffic + properties: + maxConnectAttempt: + description: MaxConnectAttempt is a maximal amount of + TCP connection attempts which will be made before + giving up + format: int32 + type: integer + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshtcproutes.yaml b/app/assets/dev/raw/crds/kuma.io_meshtcproutes.yaml new file mode 100644 index 000000000..1bc3081aa --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshtcproutes.yaml 
@@ -0,0 +1,176 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtcproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTCPRoute + listKind: MeshTCPRouteList + plural: meshtcproutes + singular: meshtcproute + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTCPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward + traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + minItems: 1 + type: array + required: + - backendRefs + type: object + required: + - default + type: object + maxItems: 1 + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + minItems: 1 + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshtimeouts.yaml b/app/assets/dev/raw/crds/kuma.io_meshtimeouts.yaml new file mode 100644 index 000000000..c55e957a8 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshtimeouts.yaml 
@@ -0,0 +1,253 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtimeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTimeout + listKind: MeshTimeoutList + plural: meshtimeouts + singular: meshtimeout + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. 
+ type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. 
Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshtraces.yaml b/app/assets/dev/raw/crds/kuma.io_meshtraces.yaml new file mode 100644 index 000000000..69a6536a2 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshtraces.yaml 
@@ -0,0 +1,234 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrace + listKind: MeshTraceList + plural: meshtraces + singular: meshtrace + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrace resource. + properties: + default: + description: MeshTrace configuration. + properties: + backends: + description: A one element array of backend definition. Envoy + allows configuring only 1 backend, so the natural way of representing + that would be just one object. Unfortunately due to the reasons + explained in MADR 009-tracing-policy this has to be a one element + array for now. + items: + description: Only one of zipkin, datadog or openTelemetry can + be used. + properties: + datadog: + description: Datadog backend configuration. 
+ properties: + splitService: + default: false + description: 'Determines if datadog service name should + be split based on traffic direction and destination. + For example, with `splitService: true` and a `backend` + service that communicates with a couple of databases, + you would get service names like `backend_INBOUND`, + `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` + in Datadog.' + type: boolean + url: + description: Address of Datadog collector, only host + and port are allowed (no paths, fragments etc.) + type: string + required: + - url + type: object + openTelemetry: + description: OpenTelemetry backend configuration. + properties: + endpoint: + description: Address of OpenTelemetry collector. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + type: + enum: + - Zipkin + - Datadog + - OpenTelemetry + type: string + zipkin: + description: Zipkin backend configuration. + properties: + apiVersion: + default: httpJson + description: Version of the API. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66 + enum: + - httpJson + - httpProto + type: string + sharedSpanContext: + default: true + description: Determines whether client and server spans + will share the same span context. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63 + type: boolean + traceId128bit: + default: false + description: Generate 128bit traces. + type: boolean + url: + description: Address of Zipkin collector. + type: string + required: + - url + type: object + required: + - type + type: object + maxItems: 1 + type: array + sampling: + description: Sampling configuration. Sampling is the process by + which a decision is made on whether to process/export a span + or not. 
+ properties: + client: + anyOf: + - type: integer + - type: string + default: 100% + description: Target percentage of requests that will be force + traced if the 'x-client-trace-id' header is set. Mirror + of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + Either int or decimal represented as string. + x-kubernetes-int-or-string: true + overall: + anyOf: + - type: integer + - type: string + default: 100% + description: Target percentage of requests will be traced + after all other sampling checks have been applied (client, + force tracing, random sampling). This field functions as + an upper limit on the total configured sampling rate. For + instance, setting client_sampling to 100% but overall_sampling + to 1% will result in only 1% of client requests with the + appropriate headers to be force traced. Mirror of overall_sampling + in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Either int or decimal represented as string. + x-kubernetes-int-or-string: true + random: + anyOf: + - type: integer + - type: string + default: 100% + description: Target percentage of requests that will be randomly + selected for trace generation, if not requested by the client + or not forced. Mirror of random_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Either int or decimal represented as string. + x-kubernetes-int-or-string: true + type: object + tags: + description: Custom tags configuration. You can add custom tags + to traces based on headers or literal values. + items: + description: Custom tags configuration. Only one of literal + or header can be used. + properties: + header: + description: Tag taken from a header. 
+ properties: + default: + description: Default value to use if header is missing. + If the default is missing and there is no value the + tag will not be included. + type: string + name: + description: Name of the header. + type: string + required: + - name + type: object + literal: + description: Tag taken from literal value. + type: string + name: + description: Name of the tag. + type: string + required: + - name + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_meshtrafficpermissions.yaml b/app/assets/dev/raw/crds/kuma.io_meshtrafficpermissions.yaml new file mode 100644 index 000000000..3ab56942e --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_meshtrafficpermissions.yaml 
@@ -0,0 +1,134 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: meshtrafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTrafficPermission + listKind: MeshTrafficPermissionList + plural: meshtrafficpermissions + singular: meshtrafficpermission + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTrafficPermission + resource. 
+ properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + action: + description: 'Action defines a behavior for the specified + group of clients:' + enum: + - Allow + - Deny + - AllowWithShadowDeny + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/app/assets/dev/raw/crds/kuma.io_proxytemplates.yaml b/app/assets/dev/raw/crds/kuma.io_proxytemplates.yaml new file mode 100644 index 000000000..111d4450f --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_proxytemplates.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: proxytemplates.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ProxyTemplate + listKind: ProxyTemplateList + plural: proxytemplates + singular: proxytemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ProxyTemplate resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_ratelimits.yaml b/app/assets/dev/raw/crds/kuma.io_ratelimits.yaml new file mode 100644 index 000000000..cc6fa13fa --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_ratelimits.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: ratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: RateLimit + listKind: RateLimitList + plural: ratelimits + singular: ratelimit + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma RateLimit resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_retries.yaml b/app/assets/dev/raw/crds/kuma.io_retries.yaml new file mode 100644 index 000000000..865df1b2f --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_retries.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: retries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Retry + listKind: RetryList + plural: retries + singular: retry + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Retry resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_serviceinsights.yaml b/app/assets/dev/raw/crds/kuma.io_serviceinsights.yaml new file mode 100644 index 000000000..135eaedda --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_serviceinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: serviceinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ServiceInsight + listKind: ServiceInsightList + plural: serviceinsights + singular: serviceinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ServiceInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_timeouts.yaml b/app/assets/dev/raw/crds/kuma.io_timeouts.yaml new file mode 100644 index 000000000..b2f8b3d60 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_timeouts.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: timeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Timeout + listKind: TimeoutList + plural: timeouts + singular: timeout + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Timeout resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_trafficlogs.yaml b/app/assets/dev/raw/crds/kuma.io_trafficlogs.yaml new file mode 100644 index 000000000..c74f9a90f --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_trafficlogs.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: trafficlogs.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficLog + listKind: TrafficLogList + plural: trafficlogs + singular: trafficlog + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficLog resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_trafficpermissions.yaml b/app/assets/dev/raw/crds/kuma.io_trafficpermissions.yaml new file mode 100644 index 000000000..b9469c8c9 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_trafficpermissions.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: trafficpermissions.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficPermission + listKind: TrafficPermissionList + plural: trafficpermissions + singular: trafficpermission + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficPermission resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_trafficroutes.yaml b/app/assets/dev/raw/crds/kuma.io_trafficroutes.yaml new file mode 100644 index 000000000..1e3158363 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_trafficroutes.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: trafficroutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficRoute + listKind: TrafficRouteList + plural: trafficroutes + singular: trafficroute + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficRoute resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_traffictraces.yaml b/app/assets/dev/raw/crds/kuma.io_traffictraces.yaml new file mode 100644 index 000000000..f85ababd9 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_traffictraces.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: traffictraces.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: TrafficTrace + listKind: TrafficTraceList + plural: traffictraces + singular: traffictrace + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma TrafficTrace resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_virtualoutbounds.yaml b/app/assets/dev/raw/crds/kuma.io_virtualoutbounds.yaml new file mode 100644 index 000000000..a5fe905e0 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_virtualoutbounds.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: virtualoutbounds.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: VirtualOutbound + listKind: VirtualOutboundList + plural: virtualoutbounds + singular: virtualoutbound + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma VirtualOutbound resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_zoneegresses.yaml b/app/assets/dev/raw/crds/kuma.io_zoneegresses.yaml new file mode 100644 index 000000000..b202d0fb8 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_zoneegresses.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneegresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgress + listKind: ZoneEgressList + plural: zoneegresses + singular: zoneegress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_zoneegressinsights.yaml b/app/assets/dev/raw/crds/kuma.io_zoneegressinsights.yaml new file mode 100644 index 000000000..50c7f6864 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_zoneegressinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneegressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneEgressInsight + listKind: ZoneEgressInsightList + plural: zoneegressinsights + singular: zoneegressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneEgressInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_zoneingresses.yaml b/app/assets/dev/raw/crds/kuma.io_zoneingresses.yaml new file mode 100644 index 000000000..0754071e2 --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_zoneingresses.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneingresses.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngress + listKind: ZoneIngressList + plural: zoneingresses + singular: zoneingress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngress resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_zoneingressinsights.yaml b/app/assets/dev/raw/crds/kuma.io_zoneingressinsights.yaml new file mode 100644 index 000000000..87d2c06ab --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_zoneingressinsights.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneingressinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneIngressInsight + listKind: ZoneIngressInsightList + plural: zoneingressinsights + singular: zoneingressinsight + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneIngressInsight + resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_zoneinsights.yaml b/app/assets/dev/raw/crds/kuma.io_zoneinsights.yaml new file mode 100644 index 000000000..fa149598a --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_zoneinsights.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zoneinsights.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: ZoneInsight + listKind: ZoneInsightList + plural: zoneinsights + singular: zoneinsight + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma ZoneInsight resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/crds/kuma.io_zones.yaml b/app/assets/dev/raw/crds/kuma.io_zones.yaml new file mode 100644 index 000000000..bcd73a05b --- /dev/null +++ b/app/assets/dev/raw/crds/kuma.io_zones.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: zones.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: Zone + listKind: ZoneList + plural: zones + singular: zone + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + mesh: + description: Mesh is the name of the Kuma mesh this resource belongs to. + It may be omitted for cluster-scoped resources. + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma Zone resource. + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true diff --git a/app/assets/dev/raw/helm-values.yaml b/app/assets/dev/raw/helm-values.yaml new file mode 100644 index 000000000..d2f9a3242 --- /dev/null +++ b/app/assets/dev/raw/helm-values.yaml 
@@ -0,0 +1,738 @@
+global:
+ image:
+ # -- Default registry for all Kuma Images
+ registry: "docker.io/kumahq"
+ # -- The default tag for all Kuma images, which itself defaults to .Chart.AppVersion
+ tag:
+ # -- Add `imagePullSecrets` to all the service accounts used for Kuma components
+ imagePullSecrets: []
+
+# -- Whether to patch the target namespace with the system label
+patchSystemNamespace: true
+
+installCrdsOnUpgrade:
+ # -- Whether install new CRDs before upgrade (if any were introduced with the new version of Kuma)
+ enabled: true
+ # -- The `imagePullSecrets` to attach to the Service Account running CRD installation.
+ # This field will be deprecated in a future release, please use .global.imagePullSecrets
+ imagePullSecrets: []
+
+# -- Whether to disable all helm hooks
+noHelmHooks: false
+
+# -- Whether to restart control-plane by calculating a new checksum for the secret
+restartOnSecretChange: true
+
+controlPlane:
+ # -- Environment that control plane is run in, useful when running universal global control plane on k8s
+ environment: "kubernetes"
+
+ # -- Labels to add to resources in addition to default labels
+ extraLabels: {}
+
+ # -- Kuma CP log level: one of off,info,debug
+ logLevel: "info"
+
+ # -- Kuma CP log output path: Defaults to /dev/stdout
+ logOutputPath: ""
+
+ # -- Kuma CP modes: one of zone,global
+ mode: "zone"
+
+ # -- (string) Kuma CP zone, if running multizone
+ zone:
+
+ # -- Only used in `zone` mode
+ kdsGlobalAddress: ""
+
+ # -- Number of replicas of the Kuma CP. Ignored when autoscaling is enabled
+ replicas: 1
+
+ # -- Minimum number of seconds for which a newly created pod should be ready for it to be considered available.
+ minReadySeconds: 0
+
+ # -- Annotations applied only to the `Deployment` resource
+ deploymentAnnotations: {}
+
+ # -- Annotations applied only to the `Pod` resource
+ podAnnotations: {}
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+
+ # -- Node selector for the Kuma Control Plane pods
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ # -- Tolerations for the Kuma Control Plane pods
+ tolerations: []
+
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Control Plane pods.
+ # This is rendered as a template, so you can reference other helm variables or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}-control-plane'
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Control Plane pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Failure policy of the mutating webhook implemented by the Kuma Injector component
+ injectorFailurePolicy: Fail
+
+ service:
+ apiServer:
+ http:
+ # -- Port on which Http api server Service is exposed on Node for service of type NodePort
+ nodePort: 30681
+ https:
+ # -- Port on which Https api server Service is exposed on Node for service of type NodePort
+ nodePort: 30682
+
+ # -- Whether to create a service resource.
+ enabled: true
+
+ # -- (string) Optionally override of the Kuma Control Plane Service's name
+ name:
+
+ # -- Service type of the Kuma Control Plane
+ type: ClusterIP
+
+ # -- Annotations to put on the Kuma Control Plane
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "5680"
+
+ # Kuma API and GUI ingress settings. Useful if you want to expose the
+ # API and GUI of Kuma outside the k8s cluster.
+ ingress:
+ # -- Install K8s Ingress resource that exposes GUI and API
+ enabled: false
+ # -- IngressClass defines which controller will implement the resource
+ ingressClassName:
+ # -- Ingress hostname
+ hostname:
+ # -- Map of ingress annotations.
+ annotations: {}
+ # -- Ingress path.
+ path: /
+ # -- Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix)
+ pathType: ImplementationSpecific
+ # -- Port from kuma-cp to use to expose API and GUI. Switch to 5682 to expose TLS port
+ servicePort: 5681
+
+ globalZoneSyncService:
+ # -- Whether to create a k8s service for the global zone sync
+ # service. It will only be created when enabled and deploying the global
+ # control plane.
+ enabled: true
+ # -- Service type of the Global-zone sync
+ type: LoadBalancer
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Optionally specify allowed source ranges that can access the load balancer
+ loadBalancerSourceRanges: []
+ # -- Additional annotations to put on the Global Zone Sync Service
+ annotations: { }
+ # -- Port on which Global Zone Sync Service is exposed on Node for service of type NodePort
+ nodePort: 30685
+ # -- Port on which Global Zone Sync Service is exposed
+ port: 5685
+ # -- Protocol of the Global Zone Sync service port
+ protocol: grpc
+
+ defaults:
+ # -- Whether to skip creating the default Mesh
+ skipMeshCreation: false
+
+ # -- Whether to automountServiceAccountToken for cp. Optionally set to false
+ automountServiceAccountToken: true
+
+ # -- Optionally override the resource spec
+ resources:
+ requests:
+ cpu: 500m
+ memory: 256Mi
+ limits:
+ memory: 256Mi
+
+ # -- Pod lifecycle settings (useful for adding a preStop hook, when
+ # using AWS ALB or NLB)
+ lifecycle: {}
+
+ # -- Number of seconds to wait before force killing the pod. Make sure to
+ # update this if you add a preStop hook.
+ terminationGracePeriodSeconds: 30
+
+ # TLS for various servers
+ tls:
+ general:
+ # -- Secret that contains tls.crt, tls.key [and ca.crt when no
+ # controlPlane.tls.general.caSecretName specified] for protecting
+ # Kuma in-cluster communication
+ secretName: ""
+ # -- Secret that contains ca.crt that was used to sign cert for protecting
+ # Kuma in-cluster communication (ca.crt present in this secret
+ # have precedence over the one provided in the controlPlane.tls.general.secretName)
+ caSecretName: ""
+ # -- Base64 encoded CA certificate (the same as in controlPlane.tls.general.secret#ca.crt)
+ caBundle: ""
+ apiServer:
+ # -- Secret that contains tls.crt, tls.key for protecting Kuma API on HTTPS
+ secretName: ""
+ # -- Secret that contains list of .pem certificates that can access admin endpoints of Kuma API on HTTPS
+ clientCertsSecretName: ""
+ # - if not creating the global control plane, then do nothing
+ # - if secretName is empty and create is false, then do nothing
+ # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName
+ # - if secretName is empty and create is true, then create a secret with a default name and use it
+ # - if secretName is non-empty and create is true, then create the secret using the provided name
+ kdsGlobalServer:
+ # -- Name of the K8s TLS Secret resource. If you set this and don't set
+ # create=true, you have to create the secret manually.
+ secretName: ""
+ # -- Whether to create the TLS secret in helm.
+ create: false
+ # -- The TLS certificate to offer.
+ cert: ""
+ # -- The TLS key to use.
+ key: ""
+ # - if not creating the zonal control plane, then do nothing
+ # - if secretName is empty and create is false, then do nothing
+ # - if secretName is non-empty and create is false, then use the secret made outside of helm with the name secretName
+ # - if secretName is empty and create is true, then create a secret with a default name and use it
+ # - if secretName is non-empty and create is true, then create the secret using the provided name
+ kdsZoneClient:
+ # -- Name of the K8s Secret resource that contains ca.crt which was
+ # used to sign the certificate of KDS Global Server. If you set this
+ # and don't set create=true, you have to create the secret manually.
+ secretName: ""
+ # -- Whether to create the TLS secret in helm.
+ create: false
+ # -- CA bundle that was used to sign the certificate of KDS Global Server.
+ cert: ""
+ # -- If true, TLS cert of the server is not verified.
+ skipVerify: false
+
+ # -- Annotations to add for Control Plane's Service Account
+ serviceAccountAnnotations: { }
+
+ image:
+ # -- Kuma CP ImagePullPolicy
+ pullPolicy: IfNotPresent
+ # -- Kuma CP image repository
+ repository: "kuma-cp"
+ # -- Kuma CP Image tag. When not specified, the value is copied from global.tag
+ tag:
+
+ # -- (object with { Env: string, Secret: string, Key: string }) Secrets to add as environment variables,
+ # where `Env` is the name of the env variable,
+ # `Secret` is the name of the Secret,
+ # and `Key` is the key of the Secret value to use
+ secrets:
+ # someSecret:
+ # Secret: some-secret
+ # Key: secret_key
+ # Env: SOME_SECRET
+
+ # -- Additional environment variables that will be passed to the control plane
+ envVars: { }
+
+ # -- Additional config maps to mount into the control plane, with optional inline values
+ extraConfigMaps: [ ]
+# - name: extra-config
+# mountPath: /etc/extra-config
+# readOnly: true
+# values:
+# extra-config-key: |
+# extra-config-value
+
+ # -- (object with { name: string, mountPath: string, readOnly: string }) Additional secrets to mount into the control plane,
+ # where `Env` is the name of the env variable,
+ # `Secret` is the name of the Secret,
+ # and `Key` is the key of the Secret value to use
+ extraSecrets:
+ # extraConfig:
+ # name: extra-config
+ # mountPath: /etc/extra-config
+ # readOnly: true
+
+ webhooks:
+ validator:
+ # -- Additional rules to apply on Kuma validator webhook. Useful when building custom policy on top of Kuma.
+ additionalRules: ""
+ ownerReference:
+ # -- Additional rules to apply on Kuma owner reference webhook. Useful when building custom policy on top of Kuma.
+ additionalRules: ""
+
+ # -- Specifies if the deployment should be started in hostNetwork mode.
+ hostNetwork: false
+ # -- Define a new server port for the admission controller. Recommended to set in combination with
+ # hostNetwork to prevent multiple port bindings on the same port (like Calico in AWS EKS).
+ admissionServerPort: 5443
+
+ # -- Security context at the pod level for control plane.
+ podSecurityContext:
+ runAsNonRoot: true
+
+ # -- Security context at the container level for control plane.
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+cni:
+ # -- Install Kuma with CNI instead of proxy init container
+ enabled: false
+ # -- Install CNI in chained mode
+ chained: false
+ # -- Set the CNI install directory
+ netDir: /etc/cni/multus/net.d
+ # -- Set the CNI bin directory
+ binDir: /var/lib/cni/bin
+ # -- Set the CNI configuration name
+ confName: kuma-cni.conf
+ # -- CNI log level: one of off,info,debug
+ logLevel: info
+ # -- Node Selector for the CNI pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the CNI pods
+ tolerations: []
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Set the CNI namespace
+ namespace: kube-system
+
+ image:
+ # -- CNI image repository
+ repository: "kuma-cni"
+ # -- CNI image tag - defaults to .Chart.AppVersion
+ tag:
+ # -- CNI image pull policy
+ imagePullPolicy: IfNotPresent
+
+ # -- it's only useful in tests to trigger a possible race condition
+ delayStartupSeconds: 0
+
+ # -- use new CNI (experimental)
+ experimental:
+ imageEbpf:
+ # -- CNI experimental eBPF image registry
+ registry: "docker.io/kumahq"
+ # -- CNI experimental eBPF image repository
+ repository: "merbridge"
+ # -- CNI experimental eBPF image tag
+ tag: "0.8.5"
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ memory: 100Mi
+
+ # -- Security context at the pod level for cni
+ podSecurityContext: {}
+
+ # -- Security context at the container level for cni
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ runAsUser: 0
+ runAsGroup: 0
+
+dataPlane:
+ # -- If true, then turn on CoreDNS query logging
+ dnsLogging: false
+ image:
+ # -- The Kuma DP image repository
+ repository: "kuma-dp"
+ # -- Kuma DP ImagePullPolicy
+ pullPolicy: IfNotPresent
+ # -- Kuma DP Image Tag. When not specified, the value is copied from global.tag
+ tag:
+
+ initImage:
+ # -- The Kuma DP init image repository
+ repository: "kuma-init"
+ # -- Kuma DP init image tag When not specified, the value is copied from global.tag
+ tag:
+
+ingress:
+ # -- If true, it deploys Ingress for cross cluster communication
+ enabled: false
+
+ # -- Labels to add to resources, in addition to default labels
+ extraLabels: {}
+
+ # -- Time for which old listener will still be active as draining
+ drainTime: 30s
+
+ # -- Number of replicas of the Ingress. Ignored when autoscaling is enabled.
+ replicas: 1
+
+ # -- Log level for ingress (available values: off|info|debug)
+ logLevel: info
+
+ # -- Define the resources to allocate to mesh ingress
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+
+ # -- Pod lifecycle settings (useful for adding a preStop hook, when
+ # using AWS ALB or NLB)
+ lifecycle: {}
+
+ # -- Number of seconds to wait before force killing the pod. Make sure to
+ # update this if you add a preStop hook.
+ terminationGracePeriodSeconds: 40
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+
+ service:
+ # -- Whether to create a Service resource.
+ enabled: true
+ # -- Service type of the Ingress
+ type: LoadBalancer
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Additional annotations to put on the Ingress service
+ annotations: { }
+ # -- Port on which Ingress is exposed
+ port: 10001
+ # -- Port on which service is exposed on Node for service of type NodePort
+ nodePort:
+ # -- Additional pod annotations (deprecated favor `podAnnotations`)
+ annotations: { }
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Node Selector for the Ingress pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the Ingress pods
+ tolerations: []
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Ingress pods
+ # This is rendered as a template, so you can reference other helm variables
+ # or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - kuma-ingress
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Mesh Ingress pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Security context at the pod level for ingress
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 5678
+ runAsGroup: 5678
+
+ # -- Security context at the container level for ingress
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+ # -- Annotations to add for Control Plane's Service Account
+ serviceAccountAnnotations: { }
+ # -- Whether to automountServiceAccountToken for cp. Optionally set to false
+ automountServiceAccountToken: true
+
+egress:
+ # -- If true, it deploys Egress for cross cluster communication
+ enabled: false
+ # -- Labels to add to resources, in addition to the default labels.
+ extraLabels: {}
+ # -- Time for which old listener will still be active as draining
+ drainTime: 30s
+ # -- Number of replicas of the Egress. Ignored when autoscaling is enabled.
+ replicas: 1
+
+ # -- Log level for egress (available values: off|info|debug)
+ logLevel: info
+
+ # Horizontal Pod Autoscaling configuration
+ autoscaling:
+ # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster
+ enabled: false
+
+ # -- The minimum CP pods to allow
+ minReplicas: 2
+ # -- The max CP pods to scale to
+ maxReplicas: 5
+
+ # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used
+ targetCPUUtilizationPercentage: 80
+ # -- For clusters that do support autoscaling/v2, use metrics
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+
+ service:
+ # -- Whether to create the service object
+ enabled: true
+ # -- Service type of the Egress
+ type: ClusterIP
+ # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer
+ loadBalancerIP:
+ # -- Additional annotations to put on the Egress service
+ annotations: { }
+ # -- Port on which Egress is exposed
+ port: 10002
+ # -- Port on which service is exposed on Node for service of type NodePort
+ nodePort:
+ # -- Additional pod annotations (deprecated favor `podAnnotations`)
+ annotations: { }
+ # -- Additional pod annotations
+ podAnnotations: { }
+ # -- Node Selector for the Egress pods
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the Egress pods
+ tolerations: []
+ podDisruptionBudget:
+ # -- Whether to create a pod disruption budget
+ enabled: false
+ # -- The maximum number of unavailable pods allowed by the budget
+ maxUnavailable: 1
+
+ # -- Affinity placement rule for the Kuma Egress pods.
+ # This is rendered as a template, so you can reference other helm variables or includes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ # These match the selector labels used on the deployment.
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - '{{ include "kuma.name" . }}'
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - '{{ .Release.Name }}'
+ - key: app
+ operator: In
+ values:
+ - kuma-egress
+ topologyKey: kubernetes.io/hostname
+
+ # -- Topology spread constraints rule for the Kuma Egress pods.
+ # This is rendered as a template, so you can use variables to generate match labels.
+ topologySpreadConstraints:
+
+ # -- Security context at the pod level for egress
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 5678
+ runAsGroup: 5678
+
+ # -- Security context at the container level for egress
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+ # -- Annotations to add for Control Plane's Service Account
+ serviceAccountAnnotations: { }
+ # -- Whether to automountServiceAccountToken for cp. Optionally set to false
+ automountServiceAccountToken: true
+
+kumactl:
+ image:
+ # -- The kumactl image repository
+ repository: kumactl
+ # -- The kumactl image tag. When not specified, the value is copied from global.tag
+ tag:
+
+kubectl:
+ image:
+ # -- The kubectl image registry
+ registry: docker.io
+ # -- The kubectl image repository
+ repository: bitnami/kubectl
+ # -- The kubectl image tag
+ tag: "1.27.5"
+hooks:
+ # -- Node selector for the HELM hooks
+ nodeSelector:
+ kubernetes.io/os: linux
+ # -- Tolerations for the HELM hooks
+ tolerations: []
+ # -- Security context at the pod level for crd/webhook/ns
+ podSecurityContext:
+ runAsNonRoot: true
+
+ # -- Security context at the container level for crd/webhook/ns
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+
+ # -- ebpf-cleanup hook needs write access to the root filesystem to clean ebpf programs
+ # Changing below values will potentially break ebpf cleanup completely,
+ # so be cautious when doing so.
+ ebpfCleanup:
+ # -- Security context at the pod level for crd/webhook/cleanup-ebpf
+ podSecurityContext:
+ runAsNonRoot: false
+ # -- Security context at the container level for crd/webhook/cleanup-ebpf
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+
+experimental:
+ # -- If true, it installs experimental Gateway API support
+ gatewayAPI: false
+ # Configuration for the experimental ebpf mode for transparent proxy
+ ebpf:
+ # -- If true, ebpf will be used instead of using iptables to install/configure transparent proxy
+ enabled: false
+ # -- Name of the environmental variable which will contain the IP address of a pod
+ instanceIPEnvVarName: INSTANCE_IP
+ # -- Path where BPF file system should be mounted
+ bpffsPath: /sys/fs/bpf
+ # -- Host's cgroup2 path
+ cgroupPath: /sys/fs/cgroup
+ # -- Name of the network interface which TC programs should be attached to, we'll try to automatically determine it if empty
+ tcAttachIface: ""
+ # -- Path where compiled eBPF programs which will be installed can be found
+ programsSourcePath: /kuma/ebpf
+ # -- If false, it uses legacy API for resource synchronization
+ deltaKds: true
+
+# Postgres' settings for universal control plane on k8s
+postgres:
+ # -- Postgres port, password should be provided as a secret reference in "controlPlane.secrets"
+ # with the Env value "KUMA_STORE_POSTGRES_PASSWORD".
+ # Example:
+ # controlPlane:
+ # secrets:
+ # - Secret: postgres-postgresql
+ # Key: postgresql-password
+ # Env: KUMA_STORE_POSTGRES_PASSWORD
+ port: "5432"
+ # TLS settings
+ tls:
+ # -- Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull"
+ mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE
+ # -- Whether to disable SNI the postgres `sslsni` option.
+ disableSSLSNI: false # ENV: KUMA_STORE_POSTGRES_TLS_DISABLE_SSLSNI
+ # -- Secret name that contains the ca.crt
+ caSecretName:
+ # -- Secret name that contains the client tls.crt, tls.key
+ secretName:
+
+# @ignored for helm-docs
+plugins:
+ policies:
+ meshaccesslogs: {}
+ meshcircuitbreakers: {}
+ meshfaultinjections: {}
+ meshhealthchecks: {}
+ meshhttproutes: {}
+ meshloadbalancingstrategies: {}
+ meshmetrics: {}
+ meshproxypatches: {}
+ meshratelimits: {}
+ meshretries: {}
+ meshtcproutes: {}
+ meshtimeouts: {}
+ meshtraces: {}
+ meshtrafficpermissions: {}
diff --git a/app/assets/dev/raw/kuma-cp.yaml b/app/assets/dev/raw/kuma-cp.yaml
new file mode 100644
index 000000000..8136a224b
--- /dev/null
+++ b/app/assets/dev/raw/kuma-cp.yaml
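Review bot: The `postgres.tls.mode: disable` default near the end of this values file leaves the control plane's connection to its Postgres store without TLS, while the comment just above it tells operators to supply `KUMA_STORE_POSTGRES_PASSWORD` for that same connection. The option comment should say so, for example `# -- Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull". "disable" sends credentials and store contents unencrypted; prefer "verifyFull" outside local testing`. A related default that deserves a one-line caveat is `controlPlane.globalZoneSyncService`, which is `type: LoadBalancer` with `loadBalancerSourceRanges: []`, so on a global control plane the sync port is presumably reachable from any source address until the operator restricts it. This file looks like a synced copy of the chart's values (per the commit subject), so the wording change likely belongs in the source repository.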
@@ -0,0 +1,768 @@
+# Environment type. Available values are: "kubernetes" or "universal"
+environment: universal # ENV: KUMA_ENVIRONMENT
+# Mode in which Kuma CP is running. Available values are: "global", "zone", "standalone" (deprecated, use "zone")
+mode: zone # ENV: KUMA_MODE
+
+# Resource Store configuration
+store:
+ # Type of Store used in the Control Plane. Available values are: "kubernetes", "postgres" or "memory"
+ type: memory # ENV: KUMA_STORE_TYPE
+
+ # Kubernetes Store configuration (used when store.type=kubernetes)
+ kubernetes:
+ # Namespace where Control Plane is installed to.
+ systemNamespace: kuma-system # ENV: KUMA_STORE_KUBERNETES_SYSTEM_NAMESPACE
+
+ # Postgres Store configuration (used when store.type=postgres)
+ postgres:
+ # Host of the Postgres DB
+ host: 127.0.0.1 # ENV: KUMA_STORE_POSTGRES_HOST
+ # Port of the Postgres DB
+ port: 15432 # ENV: KUMA_STORE_POSTGRES_PORT
+ # User of the Postgres DB
+ user: kuma # ENV: KUMA_STORE_POSTGRES_USER
+ # Password of the Postgres DB
+ password: kuma # ENV: KUMA_STORE_POSTGRES_PASSWORD
+ # Database name of the Postgres DB
+ dbName: kuma # ENV: KUMA_STORE_POSTGRES_DB_NAME
+ # Driver to use, one of: pgx, postgres
+ driverName: pgx # ENV: KUMA_STORE_POSTGRES_DRIVER_NAME
+ # Connection Timeout to the DB in seconds
+ connectionTimeout: 5 # ENV: KUMA_STORE_POSTGRES_CONNECTION_TIMEOUT
+ # MaxConnectionLifetime (applied only when driverName=pgx) is the duration since creation after which a connection will be automatically closed
+ maxConnectionLifetime: "1h" # ENV: KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME
+ # MaxConnectionLifetimeJitter (applied only when driverName=pgx) is the duration after maxConnectionLifetime to randomly decide to close a connection.
+ # This helps prevent all connections from being closed at the exact same time, starving the pool.
+ maxConnectionLifetimeJitter: "1m" # ENV: KUMA_STORE_POSTGRES_MAX_CONNECTION_LIFETIME_JITTER
+ # HealthCheckInterval (applied only when driverName=pgx) is the duration between checks of the health of idle connections.
+ healthCheckInterval: "30s" # ENV: KUMA_STORE_POSTGRES_HEALTH_CHECK_INTERVAL
+ # MinOpenConnections (applied only when driverName=pgx) is the minimum number of open connections to the database
+ minOpenConnections: 0 # ENV: KUMA_STORE_POSTGRES_MIN_OPEN_CONNECTIONS
+ # MaxOpenConnections is the maximum number of open connections to the database
+ # `0` value means number of open connections is unlimited
+ maxOpenConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_OPEN_CONNECTIONS
+ # MaxIdleConnections (applied only when driverName=postgres) is the maximum number of connections in the idle connection pool
+ # <0 value means no idle connections and 0 means default max idle connections
+ maxIdleConnections: 50 # ENV: KUMA_STORE_POSTGRES_MAX_IDLE_CONNECTIONS
+ # MaxListQueryElements defines maximum number of changed elements before requesting full list of elements from the store.
+ maxListQueryElements: 0 # ENV: KUMA_STORE_POSTGRES_MAX_LIST_QUERY_ELEMENTS
+ # TLS settings
+ tls:
+ # Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull"
+ mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE
+ # Path to TLS Certificate of the client. Required when server has METHOD=cert
+ certPath: # ENV: KUMA_STORE_POSTGRES_TLS_CERT_PATH
+ # Path to TLS Key of the client. Required when server has METHOD=cert
+ keyPath: # ENV: KUMA_STORE_POSTGRES_TLS_KEY_PATH
+ # Path to the root certificate. Used in verifyCa and verifyFull modes.
+ caPath: # ENV: KUMA_STORE_POSTGRES_TLS_ROOT_CERT_PATH
+ # MinReconnectInterval (applied only when driverName=postgres) controls the duration to wait before trying to
+ # re-establish the database connection after connection loss. After each
+ # consecutive failure this interval is doubled, until MaxReconnectInterval
+ # is reached. Successfully completing the connection establishment procedure
+ # resets the interval back to MinReconnectInterval.
+ minReconnectInterval: "10s" # ENV: KUMA_STORE_POSTGRES_MIN_RECONNECT_INTERVAL
+ # MaxReconnectInterval (applied only when driverName=postgres) controls the maximum possible duration to wait before trying
+ # to re-establish the database connection after connection loss.
+ maxReconnectInterval: "60s" # ENV: KUMA_STORE_POSTGRES_MAX_RECONNECT_INTERVAL
+ # ReadReplica is a setting for a DB replica used only for read queries
+ readReplica:
+ # Host of the Postgres DB read replica. If not set, read replica is not used.
+ host: "" # ENV: KUMA_STORE_POSTGRES_READ_REPLICA_HOST
+ # Port of the Postgres DB read replica
+ port: 5432 # ENV: KUMA_STORE_POSTGRES_READ_REPLICA_PORT
+ # Ratio in [0-100] range. How many SELECT queries (out of 100) will use read replica.
+ ratio: 100 # ENV: KUMA_STORE_POSTGRES_READ_REPLICA_RATIO
+
+ # Cache for read only operations. This cache is local to the instance of the control plane.
+ cache:
+ # If true then cache is enabled
+ enabled: true # ENV: KUMA_STORE_CACHE_ENABLED
+ # Expiration time for elements in cache.
+ expirationTime: 1s # ENV: KUMA_STORE_CACHE_EXPIRATION_TIME
+
+ # Upsert (get and update) configuration
+ upsert:
+ # Base time for exponential backoff on upsert operations when retry is enabled
+ conflictRetryBaseBackoff: 200ms # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_BASE_BACKOFF
+ # Max retries on upsert (get and update) operation when retry is enabled
+ conflictRetryMaxTimes: 10 # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_MAX_TIMES
+ # Percentage of jitter. For example: if backoff is 20s, and this value 10, the backoff will be between 18s and 22s.
+ conflictRetryJitterPercent: 30 # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_JITTER_PERCENT
+
+ # If true, skips validation of resource delete.
+ # For example you don't have to delete all Dataplane objects before you delete a Mesh
+ unsafeDelete: false # ENV: KUMA_STORE_UNSAFE_DELETE
+
+# Configuration of Bootstrap Server, which provides bootstrap config to Dataplanes
+bootstrapServer:
+ # Parameters of bootstrap configuration
+ params:
+ # Address of Envoy Admin
+ adminAddress: 127.0.0.1 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ADDRESS
+ # Port of Envoy Admin
+ adminPort: 9901 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT
+ # Path to access log file of Envoy Admin
+ adminAccessLogPath: /dev/null # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ACCESS_LOG_PATH
+ # Host of XDS Server. By default it is the same host as the one used by kuma-dp to connect to the control plane
+ xdsHost: "" # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_HOST
+ # Port of XDS Server. By default it is autoconfigured from KUMA_DP_SERVER_PORT
+ xdsPort: 0 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_PORT
+ # Connection timeout to the XDS Server
+ xdsConnectTimeout: 1s # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_CONNECT_TIMEOUT
+
+# Monitoring Assignment Discovery Service (MADS) server configuration
+monitoringAssignmentServer:
+ # Port of a gRPC server that serves Monitoring Assignment Discovery Service (MADS).
+ port: 5676 # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_PORT
+ # Which MADS API versions to serve
+ apiVersions: ["v1"] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_API_VERSIONS
+ # Interval for re-generating monitoring assignments for clients connected to the Control Plane.
+ assignmentRefreshInterval: 1s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_ASSIGNMENT_REFRESH_INTERVAL
+ # The default timeout for a single fetch-based discovery request, if not specified
+ defaultFetchTimeout: 30s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_DEFAULT_FETCH_TIMEOUT
+ # Path to TLS certificate file
+ tlsCertFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CERT_FILE
+ # Path to TLS key file
+ tlsKeyFile: "" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_TLS_CIPHER_SUITES
+
+# Envoy XDS server configuration
+xdsServer:
+ # Interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ dataplaneConfigurationRefreshInterval: 1s # ENV: KUMA_XDS_SERVER_DATAPLANE_CONFIGURATION_REFRESH_INTERVAL
+ # Interval for flushing status of Dataplanes connected to the Control Plane
+ dataplaneStatusFlushInterval: 10s # ENV: KUMA_XDS_SERVER_DATAPLANE_STATUS_FLUSH_INTERVAL
+ # Backoff that is executed when Control Plane is sending the response that was previously rejected by Dataplane
+ nackBackoff: 5s # ENV: KUMA_XDS_SERVER_NACK_BACKOFF
+ # A delay between proxy terminating a connection and the CP trying to deregister the proxy.
+ # It is used only in universal mode when you use direct lifecycle.
+ # Setting this setting to 0s disables the delay.
+ # Disabling this may cause race conditions that one instance of CP removes proxy object
+ # while proxy is connected to another instance of the CP.
+ dataplaneDeregistrationDelay: 10s # ENV: KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY
+
+# API Server configuration
+apiServer:
+ # HTTP configuration of the API Server
+ http:
+ # If true then API Server will be served on HTTP
+ enabled: true # ENV: KUMA_API_SERVER_HTTP_ENABLED
+ # Network interface on which HTTP API Server will be exposed
+ interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTP_INTERFACE
+ # Port of the API Server
+ port: 5681 # ENV: KUMA_API_SERVER_HTTP_PORT
+ # HTTPS configuration of the API Server
+ https:
+ # If true then API Server will be served on HTTPS
+ enabled: true # ENV: KUMA_API_SERVER_HTTPS_ENABLED
+ # Network interface on which HTTPS API Server will be exposed
+ interface: 0.0.0.0 # ENV: KUMA_API_SERVER_HTTPS_INTERFACE
+ # Port of the HTTPS API Server
+ port: 5682 # ENV: KUMA_API_SERVER_HTTPS_PORT
+ # Path to TLS certificate file. Autoconfigured from KUMA_GENERAL_TLS_CERT_FILE if empty
+ tlsCertFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_CERT_FILE
+ # Path to TLS key file. Autoconfigured from KUMA_GENERAL_TLS_KEY_FILE if empty
+ tlsKeyFile: "" # ENV: KUMA_API_SERVER_HTTPS_TLS_KEY_FILE
+ # Path to the CA certificate which is used to sign client certificates. It is used only for verifying client certificates.
+ tlsCaFile: "" # ENV: KUMA_API_SERVER_HTTPS_CLIENT_CERTS_CA_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_API_SERVER_HTTPS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_API_SERVER_HTTPS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_API_SERVER_HTTPS_TLS_CIPHER_SUITES
+ # If true, then HTTPS connection will require client cert.
+ requireClientCert: false # ENV: KUMA_API_SERVER_HTTPS_REQUIRE_CLIENT_CERT
+ # Authentication configuration for administrative endpoints like Dataplane Token or managing Secrets
+ auth:
+ # Directory of authorized client certificates (only validate in HTTPS)
+ clientCertsDir: "" # ENV: KUMA_API_SERVER_AUTH_CLIENT_CERTS_DIR
+ # Api Server Authentication configuration
+ authn:
+ # Type of authentication mechanism (available values: "adminClientCerts", "tokens")
+ type: tokens # ENV: KUMA_API_SERVER_AUTHN_TYPE
+ # Localhost is authenticated as a user admin of group admin
+ localhostIsAdmin: true # ENV: KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN
+ # Configuration for tokens authentication
+ tokens:
+ # If true then User Token with name admin and group admin will be created and placed as admin-user-token Kuma secret
+ bootstrapAdminToken: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_BOOTSTRAP_ADMIN_TOKEN
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_ENABLE_ISSUER
+ # Token validator configuration
+ validator:
+ # If true then Kuma secrets with prefix "user-token-signing-key" are considered as signing keys.
+ useSecrets: true # ENV: KUMA_API_SERVER_AUTHN_TOKENS_VALIDATOR_USE_SECRETS
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # keyFile: /keys/public.pem
+ publicKeys: []
+
+ # If true, then API Server will operate in read only mode (serving GET requests)
+ readOnly: false # ENV: KUMA_API_SERVER_READ_ONLY
+ # Allowed domains for Cross-Origin Resource Sharing. The value can be either domain or regexp
+ corsAllowedDomains:
+ - ".*" # ENV: KUMA_API_SERVER_CORS_ALLOWED_DOMAINS
+ # Can be used if you use a reverse proxy
+ rootUrl: "" # ENV: KUMA_API_SERVER_ROOT_URL
+ # The path to serve the API from
+ basePath: "/" # ENV: KUMA_API_SERVER_BASE_PATH
+ # configuration specific to the GUI
+ gui:
+ # Whether to serve the gui (if mode=zone this has no effect)
+ enabled: true # ENV: KUMA_API_SERVER_GUI_ENABLED
+ # Can be used if you use a reverse proxy or want to serve the gui from a different path
+ rootUrl: "" # ENV: KUMA_API_SERVER_GUI_ROOT_URL
+ # The path to serve the GUI from
+ basePath: "/gui" # ENV: KUMA_API_SERVER_GUI_BASE_PATH
+
+# Environment-specific configuration
+runtime:
+ # Kubernetes-specific configuration
+ kubernetes:
+ # Service name of the Kuma Control Plane. It is used to point Kuma DP to proper URL.
+ controlPlaneServiceName: kuma-control-plane # ENV: KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME
+ # Name of Service Account that is used to run the Control Plane
+ serviceAccountName: "system:serviceaccount:kuma-system:kuma-control-plane" # ENV: KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME
+ # Taint controller that prevents applications from scheduling until CNI is ready.
+ nodeTaintController:
+ # If true enables the taint controller.
+ enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED
+ # Value of app label on CNI pod that indicates if node can be ready.
+ cniApp: "" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP
+ # Value of CNI namespace.
+ cniNamespace: "kube-system" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_NAMESPACE
+ # Admission WebHook Server configuration
+ admissionServer:
+ # Address the Admission WebHook Server should be listening on
+ address: # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_ADDRESS
+ # Port the Admission WebHook Server should be listening on
+ port: 5443 # ENV: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_PORT
+ # Directory with a TLS cert and private key for the Admission WebHook Server.
+ # TLS certificate file must be named `tls.crt`.
+ # TLS key file must be named `tls.key`.
+ certDir: # ENV: kuma_runtime_kubernetes_admission_server_cert_dir
+ # Injector defines configuration of a Kuma Sidecar Injector.
+ injector:
+ # if true runs kuma-cp in CNI compatible mode
+ cniEnabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CNI_ENABLED
+ # list of exceptions for Kuma injection
+ exceptions:
+ # a map of labels for exception. If pod matches label with given value Kuma won't be injected. Specify '*' to match any value.
+ labels:
+ openshift.io/build.name: "*"
+ openshift.io/deployer-pod-for.name: "*"
+ # VirtualProbesEnabled enables automatic converting HttpGet probes to virtual. Virtual probe
+ # serves on sub-path of insecure port 'virtualProbesPort',
+ # i.e :8080/health/readiness -> :9000/8080/health/readiness where 9000 is virtualProbesPort
+ virtualProbesEnabled: true # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_ENABLED
+ # VirtualProbesPort is a port for exposing virtual probes which are not secured by mTLS
+ virtualProbesPort: 9000 # ENV: KUMA_RUNTIME_KUBERNETES_VIRTUAL_PROBES_PORT
+ # CaCertFile is CA certificate which will be used to verify a connection to the control plane.
+ caCertFile: # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CA_CERT_FILE
+ # SidecarContainer defines configuration of the Kuma sidecar container.
+ sidecarContainer:
+ # Image name.
+ image: kuma/kuma-dp:latest # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_IMAGE
+ # Redirect port for inbound traffic.
+ redirectPortInbound: 15006 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND
+ # Redirect port for inbound traffic.
+ redirectPortInboundV6: 15010 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_INBOUND_V6
+ # Redirect port for outbound traffic.
+ redirectPortOutbound: 15001 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_REDIRECT_PORT_OUTBOUND
+ # User ID.
+ uid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_UID
+ # Group ID.
+ gid: 5678 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_GUI
+ # Drain time for listeners.
+ drainTime: 30s # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_DRAIN_TIME
+ # Readiness probe.
+ readinessProbe:
+ # Number of seconds after the container has started before readiness probes are initiated.
+ initialDelaySeconds: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_INITIAL_DELAY_SECONDS
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 # ENV : KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_TIMEOUT_SECONDS
+ # Number of seconds after which the probe times out.
+ periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_PERIOD_SECONDS
+ # Minimum consecutive successes for the probe to be considered successful after having failed.
+ successThreshold: 1 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_SUCCESS_THRESHOLD
+ # Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_READINESS_PROBE_FAILURE_THRESHOLD
+ # Liveness probe.
+ livenessProbe:
+ # Number of seconds after the container has started before liveness probes are initiated.
+ initialDelaySeconds: 60 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_INITIAL_DELAY_SECONDS
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_TIMEOUT_SECONDS
+ # How often (in seconds) to perform the probe.
+ periodSeconds: 5 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_PERIOD_SECONDS
+ # Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 12 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_LIVENESS_PROBE_FAILURE_THRESHOLD
+ # Compute resource requirements.
+ resources:
+ # Minimum amount of compute resources required.
+ requests:
+ # CPU, in cores. (500m = .5 cores)
+ cpu: 50m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_CPU
+ # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
+ memory: 64Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_REQUESTS_MEMORY
+ # Maximum amount of compute resources allowed.
+ limits:
+ # CPU, in cores. (500m = .5 cores)
+ cpu: 1000m # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_CPU
+ # Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
+ memory: 512Mi # ENV: KUMA_INJECTOR_SIDECAR_CONTAINER_RESOURCES_LIMITS_MEMORY
+ # Additional environment variables that can be placed on Kuma DP sidecar
+ envVars: {} # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ENV_VARS
+ # If true, it enables a postStart script that waits until Envoy is ready.
+ # With the current Kubernetes behavior, any other container in the Pod will wait until the script is complete.
+ waitForDataplaneReady: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_WAIT_FOR_DATAPLANE_READY
+ # InitContainer defines configuration of the Kuma init container
+ initContainer:
+ # Image name.
+ image: kuma/kuma-init:latest # ENV: KUMA_INJECTOR_INIT_CONTAINER_IMAGE
+ # ContainerPatches is an optional list of ContainerPatch names which will be applied
+ # to init and sidecar containers if workload is not annotated with a patch list.
+ containerPatches: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_CONTAINER_PATCHES
+ # Configuration for a traffic that is intercepted by sidecar
+ sidecarTraffic:
+ # List of inbound ports that will be excluded from interception.
+ # This setting is applied on every pod unless traffic.kuma.io/exclude-inbound-ports annotation is specified on Pod.
+ excludeInboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_INBOUND_PORTS
+ # List of outbound ports that will be excluded from interception.
+ # This setting is applied on every pod unless traffic.kuma.io/exclude-oubound-ports annotation is specified on Pod.
+ excludeOutboundPorts: [ ] # ENV: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_OUTBOUND_PORTS
+ builtinDNS:
+ # Use the built-in DNS
+ enabled: true # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_ENABLED
+ # Redirect port for DNS
+ port: 15053 # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_PORT
+ # Enable coredns query logging if true
+ logging: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_LOGGING
+ # EBPF defines configuration for the ebpf, when transparent proxy is marked to be
+ # installed using ebpf instead of iptables
+ ebpf:
+ # Install transparent proxy using ebpf
+ enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_ENABLED
+ # Name of the environmental variable which will include IP address of the pod
+ instanceIPEnvVarName: INSTANCE_IP # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_INSTANCE_IP_ENV_VAR_NAME
+ # Path where BPF file system will be mounted for pinning ebpf programs and maps
+ bpffsPath: /sys/fs/bpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_BPFFS_PATH
+ # Path of mounted cgroup2
+ cgroupPath: /sys/fs/cgroup # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_CGROUP_PATH
+ # Name of the network interface which should be used to attach to it TC programs
+ # when not specified, we will try to automatically determine it
+ tcAttachIface: "" # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_TC_ATTACH_IFACE
+ # Path where compiled eBPF programs are placed
+ programsSourcePath: /kuma/ebpf # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_PROGRAMS_SOURCE_PATH
+ # IgnoredServiceSelectorLabels defines a list ignored labels in Service selector.
+ # If Pod matches a Service with ignored labels, but does not match it fully, it gets Ignored inbound.
+ # It is useful when you change Service selector and expect traffic to be sent immediately.
+ # An example of this is ArgoCD's BlueGreen deployment and "rollouts-pod-template-hash" selector.
+ ignoredServiceSelectorLabels: [] # ENV: KUMA_RUNTIME_KUBERNETES_INJECTOR_IGNORED_SERVICE_SELECTOR_LABELS
+ marshalingCacheExpirationTime: 5m # ENV: KUMA_RUNTIME_KUBERNETES_MARSHALING_CACHE_EXPIRATION_TIME
+ # Kubernetes's resources reconciliation concurrency configuration
+ controllersConcurrency:
+ # PodController defines maximum concurrent reconciliations of Pod resources
+ # Default value 10. If set to 0 kube controller-runtime default value of 1 will be used.
+ podController: 10 # ENV: KUMA_RUNTIME_KUBERNETES_CONTROLLERS_CONCURRENCY_POD_CONTROLLER
+ # Kubernetes client configuration
+ clientConfig:
+ # Qps defines maximum requests kubernetes client is allowed to make per second.
+ # Default value 100. If set to 0 kube-client default value of 5 will be used.
+ qps: 100 # ENV: KUMA_RUNTIME_KUBERNETES_CLIENT_CONFIG_QPS
+ # BurstQps defines maximum burst requests kubernetes client is allowed to make per second
+ # Default value 100. If set to 0 kube-client default value of 10 will be used.
+ burstQps: 100 # ENV: KUMA_RUNTIME_KUBERNETES_CLIENT_CONFIG_BURST_QPS
+ leaderElection:
+ # LeaseDuration is the duration that non-leader candidates will
+ # wait to force acquire leadership. This is measured against time of
+ # last observed ack. Default is 15 seconds.
+ leaseDuration: 15s # ENV: KUMA_RUNTIME_KUBERNETES_LEADER_ELECTION_LEASE_DURATION
+ # RenewDeadline is the duration that the acting controlplane will retry
+ # refreshing leadership before giving up. Default is 10 seconds.
+ renewDeadline: 10s # ENV: KUMA_RUNTIME_KUBERNETES_LEADER_ELECTION_RENEW_DEADLINE
+ # Universal-specific configuration
+ universal:
+ # DataplaneCleanupAge defines how long Dataplane should be offline to be cleaned up by GC
+ dataplaneCleanupAge: 72h0m0s # ENV: KUMA_RUNTIME_UNIVERSAL_DATAPLANE_CLEANUP_AGE
+
+# Default Kuma entities configuration
+defaults:
+ # If true, it skips creating the default Mesh
+ skipMeshCreation: false # ENV: KUMA_DEFAULTS_SKIP_MESH_CREATION
+ # If true, it skips creating the default tenant resources
+ skipTenantResources: false # ENV: KUMA_DEFAULTS_SKIP_TENANT_RESOURCES
+
+# Metrics configuration
+metrics:
+ dataplane:
+ # How many latest subscriptions will be stored in DataplaneInsight object, if equals 0 then unlimited
+ subscriptionLimit: 2 # ENV: KUMA_METRICS_DATAPLANE_SUBSCRIPTION_LIMIT
+ # How long data plane proxy can stay Online without active xDS connection
+ idleTimeout: 5m # ENV: KUMA_METRICS_DATAPLANE_IDLE_TIMEOUT
+ zone:
+ # How many latest subscriptions will be stored in ZoneInsights object, if equals 0 then unlimited
+ subscriptionLimit: 10 # ENV: KUMA_METRICS_ZONE_SUBSCRIPTION_LIMIT
+ # How long zone can stay Online without active KDS connection
+ idleTimeout: 5m # ENV: KUMA_METRICS_ZONE_IDLE_TIMEOUT
+ # Compact finished metrics (do not store config and details of KDS exchange).
+ compactFinishedSubscriptions: false # ENV: KUMA_METRICS_ZONE_COMPACT_FINISHED_SUBSCRIPTIONS
+ mesh:
+ # Minimum time between 2 refresh of insights
+ minResyncInterval: 1s # ENV: KUMA_METRICS_MESH_MIN_RESYNC_INTERVAL
+ # time between triggering a full refresh of all the insights
+ fullResyncInterval: 20s # ENV: KUMA_METRICS_MESH_FULL_RESYNC_INTERVAL
+ # the size of the buffer between event creation and processing
+ bufferSize: 1000 # ENV: KUMA_METRICS_MESH_BUFFER_SIZE
+ # the number of workers that process metrics events
+ eventProcessors: 1 # ENV: KUMA_METRICS_MESH_EVENT_PROCESSORS
+ controlPlane:
+ # If true metrics show number of resources in the system should be reported
+ reportResourcesCount: true # ENV: KUMA_METRICS_CONTROL_PLANE_REPORT_RESOURCES_COUNT
+
+# Reports configuration
+reports:
+ # If true then usage stats will be reported
+ enabled: false # ENV: KUMA_REPORTS_ENABLED
+
+# General configuration
+general:
+ # dnsCacheTTL represents duration for how long Kuma CP will cache result of resolving dataplane's domain name
+ dnsCacheTTL: 10s # ENV: KUMA_GENERAL_DNS_CACHE_TTL
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert that will be used across all the Kuma Servers.
+ tlsCertFile: # ENV: KUMA_GENERAL_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key that will be used across all the Kuma Servers.
+ tlsKeyFile: # ENV: KUMA_GENERAL_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS used across all the Kuma Servers.
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_GENERAL_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS used across all the Kuma Servers.
+ tlsMaxVersion: # ENV: KUMA_GENERAL_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites to be used across all the Kuma Servers.
+ tlsCipherSuites: [] # ENV: KUMA_GENERAL_TLS_CIPHER_SUITES
+ # WorkDir defines a path to the working directory
+ # Kuma stores in this directory autogenerated entities like certificates.
+ # If empty then the working directory is $HOME/.kuma
+ workDir: "" # ENV: KUMA_GENERAL_WORK_DIR
+
+# DNS Server configuration
+dnsServer:
+ # The domain that the server will resolve the services for
+ domain: "mesh" # ENV: KUMA_DNS_SERVER_DOMAIN
+ # The CIDR range used to allocate
+ CIDR: "240.0.0.0/4" # ENV: KUMA_DNS_SERVER_CIDR
+ # Will create a service ".mesh" dns entry for every service.
+ serviceVipEnabled: true # ENV: KUMA_DNS_SERVER_SERVICE_VIP_ENABLED
+ # The port to use along with the `.mesh` dns entry
+ serviceVipPort: 80 # ENV: KUMA_DNS_SERVICE_SERVICE_VIP_PORT
+
+# Multizone mode
+multizone:
+ global:
+ kds:
+ # Port of a gRPC server that serves Kuma Discovery Service (KDS).
+ grpcPort: 5685 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_GRPC_PORT
+ # Interval for refreshing state of the world
+ refreshInterval: 1s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_REFRESH_INTERVAL
+ # Interval for flushing Zone Insights (stats of multi-zone communication)
+ zoneInsightFlushInterval: 10s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_ZONE_INSIGHT_FLUSH_INTERVAL
+ # TlsEnabled turns on TLS for KDS
+ tlsEnabled: true # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_ENABLED
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert.
+ tlsCertFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key.
+ tlsKeyFile: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_MULTIZONE_GLOBAL_KDS_TLS_CIPHER_SUITES
+ # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS.
+ # In practice this means a limit on full list of one resource type.
+ maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MAX_MSG_SIZE
+ # MsgSendTimeout defines a timeout on sending a single KDS message.
+ # KDS stream between control planes is terminated if the control plane hits this timeout.
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_MSG_SEND_TIMEOUT
+ # Backoff that is executed when the global control plane is sending the response that was previously rejected by zone control plane
+ nackBackoff: 5s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_NACK_BACKOFF
+ # DisableSOTW if true doesn't expose SOTW version of KDS. Default: false
+ disableSOTW: false # ENV: KUMA_MULTIZONE_GLOBAL_KDS_DISABLE_SOTW
+ # Response backoff is a time Global CP waits before sending ACK/NACK.
+ # This is a way to slow down Zone CP from sending resources too often.
+ responseBackoff: 0s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_RESPONSE_BACKOFF
+ zone:
+ # Kuma Zone name used to mark the zone dataplane resources
+ name: "default" # ENV: KUMA_MULTIZONE_ZONE_NAME
+ # GlobalAddress URL of Global Kuma CP
+ globalAddress: # ENV KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS
+ kds:
+ # Interval for refreshing state of the world
+ refreshInterval: 1s # ENV: KUMA_MULTIZONE_ZONE_KDS_REFRESH_INTERVAL
+ # RootCAFile defines a path to a file with PEM-encoded Root CA. Client will verify server by using it.
+ rootCaFile: # ENV: KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE
+ # If true, TLS connection to the server won't be verified.
+ tlsSkipVerify: false # ENV: KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY
+ # MaxMsgSize defines a maximum size of the message in bytes that is exchanged using KDS.
+ # In practice this means a limit on full list of one resource type.
+ maxMsgSize: 10485760 # ENV: KUMA_MULTIZONE_ZONE_KDS_MAX_MSG_SIZE
+ # MsgSendTimeout defines a timeout on sending a single KDS message.
+ # KDS stream between control planes is terminated if the control plane hits this timeout.
+ msgSendTimeout: 60s # ENV: KUMA_MULTIZONE_ZONE_KDS_MSG_SEND_TIMEOUT
+ # Backoff that is executed when the zone control plane is sending the response that was previously rejected by global control plane
+ nackBackoff: 5s # ENV: KUMA_MULTIZONE_ZONE_KDS_NACK_BACKOFF
+ # Response backoff is a time Zone CP waits before sending ACK/NACK.
+ # This is a way to slow down Global CP from sending resources too often.
+ responseBackoff: 0s # ENV: KUMA_MULTIZONE_ZONE_KDS_RESPONSE_BACKOFF
+
+# Diagnostics configuration
+diagnostics:
+ # Port of Diagnostic Server for checking health and readiness of the Control Plane
+ serverPort: 5680 # ENV: KUMA_DIAGNOSTICS_SERVER_PORT
+ # If true, enables https://golang.org/pkg/net/http/pprof/ debug endpoints
+ debugEndpoints: false # ENV: KUMA_DIAGNOSTICS_DEBUG_ENDPOINTS
+ # Whether tls is enabled or not
+ tlsEnabled: false # ENV: KUMA_DIAGNOSTICS_TLS_ENABLED
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile
+ tlsCertFile: # ENV: KUMA_DIAGNOSTICS_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DIAGNOSTICS_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DIAGNOSTICS_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DIAGNOSTICS_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DIAGNOSTICS_TLS_CIPHER_SUITES
+
+# Dataplane Server configuration that servers API like Bootstrap/XDS for the Dataplane.
+dpServer:
+ # Port of the DP Server
+ port: 5678 # ENV: KUMA_DP_SERVER_PORT
+ # TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, autoconfigured from general.tlsCertFile
+ tlsCertFile: # ENV: KUMA_DP_SERVER_TLS_CERT_FILE
+ # TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, autoconfigured from general.tlsKeyFile
+ tlsKeyFile: # ENV: KUMA_DP_SERVER_TLS_KEY_FILE
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_DP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_DP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [] # ENV: KUMA_DP_SERVER_TLS_CIPHER_SUITES
+ # ReadHeaderTimeout defines the amount of time DP server will be allowed
+ # to read request headers. The connection's read deadline is reset
+ # after reading the headers and the Handler can decide what is considered
+ # too slow for the body. If ReadHeaderTimeout is zero there is no timeout.
+ # The timeout is configurable as in rare cases, when Kuma CP was restarting,
+ # 1s which is explicitly set in other servers was insufficient and DPs
+ # were failing to reconnect (we observed this in Projected Service Account
+ # Tokens e2e tests, which started flaking a lot after introducing explicit
+ # 1s timeout)
+ readHeaderTimeout: 5s # ENV: KUMA_DP_SERVER_READ_HEADER_TIMEOUT
+ # Auth defines an authentication configuration for the DP Server
+ # DEPRECATED: use "authn" section.
+ auth:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: "" # ENV: KUMA_DP_SERVER_AUTH_TYPE
+ # Authn defines an authentication configuration for the DP Server
+ authn:
+ # Configuration for data plane proxy authentication.
+ dpProxy:
+ # Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
+ type: ""
+ # Configuration of dpToken authentication method
+ dpToken:
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true
+ # DP Token validator configuration.
+ validator:
+ # If true then Kuma secrets with prefix "dataplane-token-signing-key-{mesh}" are considered as signing keys.
+ useSecrets: true
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # mesh: default
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # mesh: demo
+ # keyFile: /keys/public.pem
+ publicKeys: []
+ # Configuration for zone proxy authentication.
+ zoneProxy:
+ # Type of authentication. Available values: "serviceAccountToken", "zoneToken", "none".
+ # If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "zoneToken" on Universal.
+ type: ""
+ # Configuration for zoneToken authentication method.
+ zoneToken:
+ # If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
+ enableIssuer: true
+ # Zone Token validator configuration.
+ validator:
+ # If true then Kuma secrets with prefix "zone-token-signing-key" are considered as signing keys.
+ useSecrets: true
+ # List of public keys used to validate the token. Example:
+ # - kid: 1
+ # key: |
+ # -----BEGIN RSA PUBLIC KEY-----
+ # MIIBCgKCAQEAq....
+ # -----END RSA PUBLIC KEY-----
+ # - kid: 2
+ # keyFile: /keys/public.pem
+ publicKeys: []
+ # If true then Envoy uses Google gRPC instead of Envoy gRPC which lets a proxy reload the auth data (service account token, dp token etc.) stored in the file without proxy restart.
+ enableReloadableTokens: false # ENV: KUMA_DP_SERVER_AUTHN_ENABLE_RELOADABLE_TOKENS
+ # Hds defines a Health Discovery Service configuration
+ hds:
+ # Enabled if true then Envoy will actively check application's ports, but only on Universal.
+ # On Kubernetes this feature disabled for now regardless the flag value
+ enabled: true # ENV: KUMA_DP_SERVER_HDS_ENABLED
+ # Interval for Envoy to send statuses for HealthChecks
+ interval: 5s # ENV: KUMA_DP_SERVER_HDS_INTERVAL
+ # RefreshInterval is an interval for re-genarting configuration for Dataplanes connected to the Control Plane
+ refreshInterval: 10s # ENV: KUMA_DP_SERVER_HDS_REFRESH_INTERVAL
+ # Check defines a HealthCheck configuration
+ checkDefaults:
+ # Timeout is a time to wait for a health check response. If the timeout is reached the
+ # health check attempt will be considered a failure
+ timeout: 2s # ENV: KUMA_DP_SERVER_HDS_CHECK_TIMEOUT
+ # Interval between health checks
+ interval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_INTERVAL
+ # NoTrafficInterval is a special health check interval that is used when a cluster has
+ # never had traffic routed to it
+ noTrafficInterval: 1s # ENV: KUMA_DP_SERVER_HDS_CHECK_NO_TRAFFIC_INTERVAL
+ # HealthyThreshold is a number of healthy health checks required before a host is marked healthy
+ healthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_HEALTHY_THRESHOLD
+ # UnhealthyThreshold is a number of unhealthy health checks required before a host is marked unhealthy
+ unhealthyThreshold: 1 # ENV: KUMA_DP_SERVER_HDS_CHECK_UNHEALTHY_THRESHOLD
+
+# Intercommunication CP configuration
+interCp:
+ # Catalog configuration. Catalog keeps a record of all live CP instances in the zone.
+ catalog:
+ # Indicates an address on which other control planes can communicate with this CP.
+ # If empty then it's autoconfigured by taking the first IP of the nonloopback network interface.
+ instanceAddress: "" # ENV: KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS
+ # Interval on which CP will send heartbeat to a leader.
+ heartbeatInterval: 5s # ENV: KUMA_INTER_CP_CATALOG_HEARTBEAT_INTERVAL
+ # Interval on which CP will write all instances to a catalog.
+ writerInterval: 15s # ENV: KUMA_INTER_CP_CATALOG_WRITER_INTERVAL
+ # Intercommunication CP server configuration
+ server:
+ # Port of the inter-cp server
+ port: 5683 # ENV: KUMA_INTER_CP_SERVER_PORT
+ # TlsMinVersion the minimum version of TLS
+ tlsMinVersion: "TLSv1_2" # ENV: KUMA_INTER_CP_SERVER_TLS_MIN_VERSION
+ # TlsMaxVersion the maximum version of TLS
+ tlsMaxVersion: # ENV: KUMA_INTER_CP_SERVER_TLS_MAX_VERSION
+ # TlsCipherSuites the list of cipher suites
+ tlsCipherSuites: [ ] # ENV: KUMA_INTER_CP_SERVER_TLS_CIPHER_SUITES
+
+# Access Control configuration
+access:
+ # Type of access strategy (available values: "static")
+ type: static
+ # Configuration of static access strategy
+ static:
+ # AdminResources defines an access to admin resources (Secret/GlobalSecret)
+ adminResources:
+ # List of users that are allowed to access admin resources
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_USERS
+ # List of groups that are allowed to access admin resources
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_ADMIN_RESOURCES_GROUPS
+ # GenerateDPToken defines an access to generating dataplane token
+ generateDpToken:
+ # List of users that are allowed to generate dataplane token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_USERS
+ # List of groups that are allowed to generate dataplane token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_GROUPS
+ # GenerateUserToken defines an access to generating user token
+ generateUserToken:
+ # List of users that are allowed to generate user token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_USERS
+ # List of groups that are allowed to generate user token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_GROUPS
+ # GenerateZoneToken defines an access to generating zone token
+ generateZoneToken:
+ # List of users that are allowed to generate zone token
+ users: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_USERS
+ # List of groups that are allowed to generate zone token
+ groups: ["mesh-system:admin"] # ENV: KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_GROUPS
+ viewConfigDump:
+ # List of users that are allowed to get envoy config dump
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_USERS
+ # List of groups that are allowed to get envoy config dump
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_GROUPS
+ viewStats:
+ # List of users that are allowed to get envoy stats
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_USERS
+ # List of groups that are allowed to get envoy stats
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_STATS_GROUPS
+ viewClusters:
+ # List of users that are allowed to get envoy clusters
+ users: [ ] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS
+ # List of groups that are allowed to get envoy clusters
+ groups: ["mesh-system:unauthenticated","mesh-system:authenticated"] # ENV: KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS
+
+# Configuration of experimental features of Kuma
+experimental:
+ # If true, experimental Gateway API is enabled
+ gatewayAPI: false # ENV: KUMA_EXPERIMENTAL_GATEWAY_API
+ # If true, instead of embedding kubernetes outbounds into Dataplane object, they are persisted next to VIPs in ConfigMap
+ # This can improve performance, but it should be enabled only after all instances are migrated to version that supports this config
+ kubeOutboundsAsVIPs: true # ENV: KUMA_EXPERIMENTAL_KUBE_OUTBOUNDS_AS_VIPS
+ # Tag first virtual outbound model is compressed version of default Virtual Outbound model
+ # It is recommended to use tag first model for deployments with more than 2k services
+ # You can enable this flag on existing deployment. In order to downgrade cp with this flag enabled
+ # you need to first disable this flag and redeploy cp, after config is rewritten to default
+ # format you can downgrade your cp
+ useTagFirstVirtualOutboundModel: false # ENV: KUMA_EXPERIMENTAL_USE_TAG_FIRST_VIRTUAL_OUTBOUND_MODEL
+ # If true, KDS will sync using incremental xDS updates
+ kdsDeltaEnabled: true # ENV: KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED
+ # List of prefixes that will be used to filter out tags by keys from ingress' available services section.
+ # This can trim the size of the ZoneIngress object significantly.
+ # The drawback is that you cannot use filtered out tags for traffic routing.
+ # If empty, no filter is applied.
+ ingressTagFilters: [] # ENV: KUMA_EXPERIMENTAL_INGRESS_TAG_FILTERS
+ # KDS event based watchdog settings. It is a more optimal way to generate KDS snapshot config.
+ kdsEventBasedWatchdog:
+ # If true, then experimental event based watchdog to generate KDS snapshot is used.
+ enabled: false # ENV: KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_ENABLED
+ # How often we flush changes when experimental event based watchdog is used.
+ flushInterval: 5s # ENV: KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_FLUSH_INTERVAL
+ # How often we schedule full KDS resync when experimental event based watchdog is used.
+ fullResyncInterval: 60s # ENV: KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_FULL_RESYNC_INTERVAL
+ # If true, then initial full resync is going to be delayed by 0 to FullResyncInterval.
+ delayFullResync: false # ENV: KUMA_EXPERIMENTAL_KDS_EVENT_BASED_WATCHDOG_DELAY_FULL_RESYNC
+ # If true then control plane computes reachable services automatically based on MeshTrafficPermission.
+ # Lack of MeshTrafficPermission is treated as Deny the traffic.
+ autoReachableServices: false # ENV: KUMA_EXPERIMENTAL_AUTO_REACHABLE_SERVICES + +proxy: + gateway: + # Sets the envoy runtime value to limit maximum number of incoming + # connections to a builtin gateway data plane proxy + globalDownstreamMaxConnections: 50000 # ENV: KUMA_PROXY_GATEWAY_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS + +tracing: + openTelemetry: + endpoint: "" # e.g. otel-collector:4317 + +# Configuration of the event bus which is local to one instance of CP +eventBus: + # BufferSize controls the buffer for every single event listener. + # If we go over buffer, additional delay may happen to various operation like insight recomputation or KDS. + bufferSize: 100 # ENV: KUMA_EVENT_BUS_BUFFER_SIZE diff --git a/app/assets/dev/raw/protos/CertificateAuthorityBackend.json b/app/assets/dev/raw/protos/CertificateAuthorityBackend.json new file mode 100644 index 000000000..275569b17 --- /dev/null +++ b/app/assets/dev/raw/protos/CertificateAuthorityBackend.json 
@@ -0,0 +1,98 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CertificateAuthorityBackend", + "definitions": { + "CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time 
after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/CircuitBreaker.json b/app/assets/dev/raw/protos/CircuitBreaker.json new file mode 100644 index 000000000..f5d016d2a --- /dev/null +++ b/app/assets/dev/raw/protos/CircuitBreaker.json 
@@ -0,0 +1,198 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CircuitBreaker", + "definitions": { + "CircuitBreaker": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Circuit Breaker", + "description": "CircuitBreaker defines circuit breaking policy for dataplane's outbound" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Time interval between ejection analysis sweeps", + "format": "regex" + }, + "baseEjectionTime": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The base time that a host is ejected for. 
The real time is equal to the base time multiplied by the number of times the host has been ejected", + "format": "regex" + }, + "maxEjectionPercent": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum percent of an upstream cluster that can be ejected due to outlier detection, has to be in [0 - 100] range" + }, + "splitExternalAndLocalErrors": { + "type": "boolean", + "description": "Enables Split Mode in which local and external errors are distinguished" + }, + "detectors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors", + "additionalProperties": true + }, + "thresholds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors": { + "properties": { + "totalErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Errors with status code 5xx and locally originated errors, in Split Mode - just errors with status code 5xx" + }, + "gatewayErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Subset of 'total' related to gateway errors (502, 503 or 504 status code)" + }, + "localErrors": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors", + "additionalProperties": true, + "description": "Takes into account only in Split Mode, number of locally originated errors" + }, + "standardDeviation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation", + "additionalProperties": true + }, + "failure": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + 
"title": "Detectors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Errors": { + "properties": { + "consecutive": { + "additionalProperties": true, + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Errors", + "description": "Detector based on counting consecutive number of errors" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.Failure": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Eject host if failure percentage of a given host is greater than or equal to this value, has to be in [0 - 100] range" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Failure", + "description": "Detection based on success rate, but threshold is set explicitly (unlike 'standardDeviation')" + }, + "kuma.mesh.v1alpha1.CircuitBreaker.Conf.Detectors.StandardDeviation": { + "properties": { + "requestVolume": { + "additionalProperties": true, + "type": "integer", + "description": "Ignore hosts with less number of requests than 'requestVolume'" + }, + "minimumHosts": { + "additionalProperties": true, + "type": "integer", + "description": "Won't count success rate for cluster if number of hosts with required 'requestVolume' is less than 'minimumHosts'" + }, + "factor": { + "additionalProperties": true, + "type": "number", + "description": "Resulting threshold = mean - (stdev * factor)" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Standard Deviation", + "description": "Detection based on success rate, aggregated from every host in the cluser" + }, + 
"kuma.mesh.v1alpha1.CircuitBreaker.Conf.Thresholds": { + "properties": { + "maxConnections": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of connections that Envoy will make to the upstream cluster. If not specified, the default is 1024." + }, + "maxPendingRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of pending requests that Envoy will allow to the upstream cluster. If not specified, the default is 1024." + }, + "maxRetries": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel retries that Envoy will allow to the upstream cluster. If not specified, the default is 3." + }, + "maxRequests": { + "additionalProperties": true, + "type": "integer", + "description": "The maximum number of parallel requests that Envoy will make to the upstream cluster. If not specified, the default is 1024." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Thresholds" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ClustersRequest.json b/app/assets/dev/raw/protos/ClustersRequest.json new file mode 100644 index 000000000..7c9612d2c --- /dev/null +++ b/app/assets/dev/raw/protos/ClustersRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersRequest", + "definitions": { + "ClustersRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp clusters request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp clusters request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Request", + "description": "ClustersRequest is a request for kuma-dp clusters that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ClustersResponse.json b/app/assets/dev/raw/protos/ClustersResponse.json new file mode 100644 index 000000000..2c6802f17 --- /dev/null +++ b/app/assets/dev/raw/protos/ClustersResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ClustersResponse", + "definitions": { + "ClustersResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp clusters request." + }, + "clusters": { + "type": "string", + "description": "The clusters content that is a successful result of kuma-dp clusters execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Clusters Response", + "description": "ClustersResponse is a response containing result of kuma-dp clusters execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/DatadogTracingBackendConfig.json b/app/assets/dev/raw/protos/DatadogTracingBackendConfig.json new file mode 100644 index 000000000..e6f53ec54 --- /dev/null +++ b/app/assets/dev/raw/protos/DatadogTracingBackendConfig.json 
@@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DatadogTracingBackendConfig", + "definitions": { + "DatadogTracingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address of datadog collector." + }, + "port": { + "type": "integer", + "description": "Port of datadog collector" + }, + "splitService": { + "type": "boolean", + "description": "Determines if datadog service name should be split based on traffic direction and destination. For example, with `splitService: true` and a `backend` service that communicates with a couple of databases, you would get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` in Datadog. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Datadog Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Dataplane.json b/app/assets/dev/raw/protos/Dataplane.json new file mode 100644 index 000000000..29b8197c1 --- /dev/null +++ b/app/assets/dev/raw/protos/Dataplane.json 
@@ -0,0 +1,344 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Dataplane", + "definitions": { + "Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. 
`advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. 
The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." + }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." 
+ }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "state": { + "enum": [ + "Ready", + 0, + "NotReady", + 1, + "Ignored", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "State" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. 
Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." + }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." 
+ }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/DataplaneInsight.json b/app/assets/dev/raw/protos/DataplaneInsight.json new file mode 100644 index 000000000..1188b51e1 --- /dev/null +++ b/app/assets/dev/raw/protos/DataplaneInsight.json 
@@ -0,0 +1,232 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneInsight", + "definitions": { + "DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." + }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." 
+ }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. 
rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/dev/raw/protos/DataplaneOverview.json b/app/assets/dev/raw/protos/DataplaneOverview.json new file mode 100644 index 000000000..fa880156a --- /dev/null +++ b/app/assets/dev/raw/protos/DataplaneOverview.json 
@@ -0,0 +1,586 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DataplaneOverview", + "definitions": { + "DataplaneOverview": { + "properties": { + "dataplane": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane", + "additionalProperties": true + }, + "dataplane_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Overview", + "description": "DataplaneOverview defines the projected state of a Dataplane." + }, + "kuma.mesh.v1alpha1.Dataplane": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking", + "additionalProperties": true, + "description": "Networking describes inbound and outbound interfaces of the data plane proxy." + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend", + "additionalProperties": true, + "description": "Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level." + }, + "probes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes", + "additionalProperties": true, + "description": "Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane", + "description": "Dataplane defines a configuration of a side-car proxy." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it." + }, + "advertisedAddress": { + "type": "string", + "description": "In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. `advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`." + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Gateway", + "additionalProperties": true, + "description": "Gateway describes a configuration of the gateway of the data plane proxy." + }, + "inbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound" + }, + "type": "array", + "description": "Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "outbound": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Outbound" + }, + "type": "array", + "description": "Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener." + }, + "transparent_proxying": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying", + "additionalProperties": true, + "description": "TransparentProxying describes the configuration for transparent proxying. 
It is used by default on Kubernetes." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes inbound and outbound interfaces of a data plane proxy." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Gateway": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory." + }, + "type": { + "enum": [ + "DELEGATED", + 0, + "BUILTIN", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Gateway Type" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Gateway", + "description": "Gateway describes a service that ingress should not be proxied." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound": { + "properties": { + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port." + }, + "servicePort": { + "type": "integer", + "description": "Port of the service that requests will be forwarded to. Defaults to the same value as `port`." 
+ }, + "serviceAddress": { + "type": "string", + "description": "Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service." + }, + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed. Defaults to `networking.address`." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory." + }, + "health": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health", + "additionalProperties": true, + "description": "Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information." + }, + "serviceProbe": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe", + "additionalProperties": true, + "description": "ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information." 
+ }, + "state": { + "enum": [ + "Ready", + 0, + "NotReady", + 1, + "Ignored", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "State" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Inbound", + "description": "Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy are going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener." + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health": { + "properties": { + "ready": { + "type": "boolean", + "description": "Ready indicates if the data plane proxy is ready to serve the traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health", + "description": "Health describes the status of an inbound" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "additionalProperties": true, + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." 
+ }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp", + "additionalProperties": true, + "description": "Tcp checker tries to establish tcp connection with destination" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Probe", + "description": "ServiceProbe defines parameters for probing service's port" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp": { + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Dataplane.Networking.Outbound": { + "properties": { + "address": { + "type": "string", + "description": "IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. Defaults to 127.0.0.1" + }, + "port": { + "type": "integer", + "description": "Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes a service consumed by the data plane proxy. For every defined Outbound there is a corresponding Envoy Listener." 
+ }, + "kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying": { + "properties": { + "redirect_port_inbound": { + "type": "integer", + "description": "Port on which all inbound traffic is being transparently redirected." + }, + "redirect_port_outbound": { + "type": "integer", + "description": "Port on which all outbound traffic is being transparently redirected." + }, + "direct_access_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed." + }, + "redirect_port_inbound_v6": { + "type": "integer", + "description": "Port on which all IPv6 inbound traffic is being transparently redirected." + }, + "reachable_services": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Transparent Proxying", + "description": "TransparentProxying describes configuration for transparent proxying." + }, + "kuma.mesh.v1alpha1.Dataplane.Probes": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which the probe endpoints will be exposed. This cannot overlap with any other ports." + }, + "endpoints": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint" + }, + "type": "array", + "description": "List of endpoints to expose without mTLS." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Probes" + }, + "kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint": { + "properties": { + "inbound_port": { + "type": "integer", + "description": "Inbound port is a port of the application from which we expose the endpoint." + }, + "inbound_path": { + "type": "string", + "description": "Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible." + }, + "path": { + "type": "string", + "description": "Path is a path on which we expose inbound path on the probes port." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Endpoint" + }, + "kuma.mesh.v1alpha1.DataplaneInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Dataplane." + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DataplaneInsight.MTLS", + "additionalProperties": true, + "description": "Insights about mTLS for Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Insight", + "description": "DataplaneInsight defines the observed state of a Dataplane." + }, + "kuma.mesh.v1alpha1.DataplaneInsight.MTLS": { + "properties": { + "certificate_expiration_time": { + "type": "string", + "description": "Expiration time of the last certificate that was generated for a Dataplane.", + "format": "date-time" + }, + "last_certificate_regeneration": { + "type": "string", + "description": "Time on which the last certificate was generated.", + "format": "date-time" + }, + "certificate_regenerations": { + "type": "integer", + "description": "Number of certificate regenerations for a Dataplane." 
+ }, + "issuedBackend": { + "type": "string", + "description": "Backend that was used to generate current certificate" + }, + "supportedBackends": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Supported backends (CA)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS", + "description": "MTLS defines insights for mTLS" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { 
+ "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/DiscoveryServiceStats.json b/app/assets/dev/raw/protos/DiscoveryServiceStats.json new file mode 100644 index 000000000..eadb3791c --- /dev/null +++ b/app/assets/dev/raw/protos/DiscoveryServiceStats.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoveryServiceStats", + "definitions": { + "DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + } + } +} \ No newline at end of file 
diff --git a/app/assets/dev/raw/protos/DiscoverySubscription.json b/app/assets/dev/raw/protos/DiscoverySubscription.json new file mode 100644 index 000000000..06db6c019 --- /dev/null +++ b/app/assets/dev/raw/protos/DiscoverySubscription.json 
@@ -0,0 +1,179 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscription", + "definitions": { + "DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." 
+ }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." 
+ }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file 
diff --git a/app/assets/dev/raw/protos/DiscoverySubscriptionStatus.json b/app/assets/dev/raw/protos/DiscoverySubscriptionStatus.json
new file mode 100644
index 000000000..2ac471c4a
--- /dev/null
+++ b/app/assets/dev/raw/protos/DiscoverySubscriptionStatus.json
@@ -0,0 +1,64 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/DiscoverySubscriptionStatus", + "definitions": { + "DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." 
+ } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/EnvoyAdmin.json b/app/assets/dev/raw/protos/EnvoyAdmin.json new file mode 100644 index 000000000..e26fdf4be --- /dev/null +++ b/app/assets/dev/raw/protos/EnvoyAdmin.json @@ -0,0 +1,17 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyAdmin", + "definitions": { + "EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/EnvoyVersion.json b/app/assets/dev/raw/protos/EnvoyVersion.json new file mode 100644 index 000000000..c14f40762 --- /dev/null +++ b/app/assets/dev/raw/protos/EnvoyVersion.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/EnvoyVersion", + "definitions": { + "EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ExternalService.json b/app/assets/dev/raw/protos/ExternalService.json new file mode 100644 index 000000000..bfa3f7672 --- /dev/null +++ b/app/assets/dev/raw/protos/ExternalService.json 
@@ -0,0 +1,112 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ExternalService", + "definitions": { + "ExternalService": { + "properties": { + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking", + "additionalProperties": true + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with the external service, e.g. kuma.io/service=web, kuma.io/protocol, version=1.0." + } + }, + "additionalProperties": true, + "type": "object", + "title": "External Service", + "description": "ExternalService defines configuration of the externally accessible service" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address of the external service" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ExternalService.Networking.TLS", + "additionalProperties": true + }, + "disableHostDNSEntry": { + "type": "boolean", + "description": "If disableHostDNSEntry is set to true then a DNS entry for the external service taken from 'networking.address' won't be generated. You can still reach this external service using external-service-name.mesh:80 where \"external-service-name\" is taken from \"kuma.io/service\" tag." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking describes the properties of the external service connectivity" + }, + "kuma.mesh.v1alpha1.ExternalService.Networking.TLS": { + "properties": { + "enabled": { + "type": "boolean", + "description": "denotes that the external service uses TLS" + }, + "ca_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the certificate of CA" + }, + "client_cert": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "client_key": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource", + "additionalProperties": true, + "description": "Data source for the authentication" + }, + "allowRenegotiation": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then TLS session will allow renegotiation. It's not recommended to set this to true because of security reasons. However, some servers require this setting, especially when using mTLS." + }, + "server_name": { + "additionalProperties": true, + "type": "string", + "description": "ServerName overrides the default Server Name Indicator set by Kuma. The default value is set to \"address\" specified in \"networking\"." + }, + "skipHostnameVerification": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then hostname verification will be skipped during certificate verification." + } + }, + "additionalProperties": true, + "type": "object", + "title": "TLS", + "description": "TLS" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." 
+ }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." + }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/FaultInjection.json b/app/assets/dev/raw/protos/FaultInjection.json new file mode 100644 index 000000000..702233c5a --- /dev/null +++ b/app/assets/dev/raw/protos/FaultInjection.json 
@@ -0,0 +1,126 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FaultInjection", + "definitions": { + "FaultInjection": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf", + "additionalProperties": true, + "description": "Configuration of FaultInjection" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Fault Injection", + "description": "FaultInjection defines the configuration of faults between dataplanes." + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf": { + "properties": { + "delay": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Delay", + "additionalProperties": true, + "description": "Delay if specified then response from the destination will be delivered with a delay" + }, + "abort": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.Abort", + "additionalProperties": true, + "description": "Abort if specified makes source side to receive specified httpStatus code" + }, + "response_bandwidth": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth", + "additionalProperties": true, + "description": "ResponseBandwidth if specified limits the speed of sending response body" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines several types of faults, at least one fault should be specified" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Abort": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + 
"description": "Percentage of requests on which abort will be injected, has to be in [0.0 - 100.0] range" + }, + "httpStatus": { + "additionalProperties": true, + "type": "integer", + "description": "HTTP status code which will be returned to source side" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Abort", + "description": "Abort defines a configuration of not delivering requests to destination service and replacing the responses from destination dataplane by predefined status code" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.Delay": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which delay will be injected, has to be in [0.0 - 100.0] range" + }, + "value": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The duration during which the response will be delayed", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Delay", + "description": "Delay defines configuration of delaying a response from a destination" + }, + "kuma.mesh.v1alpha1.FaultInjection.Conf.ResponseBandwidth": { + "properties": { + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of requests on which response bandwidth limit will be injected, has to be in [0.0 - 100.0] range" + }, + "limit": { + "additionalProperties": true, + "type": "string", + "description": "Limit is represented by value measure in gbps, mbps, kbps or bps, e.g. 
10kbps" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Response Bandwidth", + "description": "ResponseBandwidth defines a configuration to limit the speed of responding to the requests" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/FileLoggingBackendConfig.json b/app/assets/dev/raw/protos/FileLoggingBackendConfig.json new file mode 100644 index 000000000..7302651b2 --- /dev/null +++ b/app/assets/dev/raw/protos/FileLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/FileLoggingBackendConfig", + "definitions": { + "FileLoggingBackendConfig": { + "properties": { + "path": { + "type": "string", + "description": "Path to a file that logs will be written to" + } + }, + "additionalProperties": true, + "type": "object", + "title": "File Logging Backend Config", + "description": "FileLoggingBackendConfig defines configuration for file based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/HealthCheck.json b/app/assets/dev/raw/protos/HealthCheck.json new file mode 100644 index 000000000..495846305 --- /dev/null +++ b/app/assets/dev/raw/protos/HealthCheck.json 
@@ -0,0 +1,212 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/HealthCheck", + "definitions": { + "HealthCheck": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that should be configured to do health checks." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf", + "additionalProperties": true, + "description": "Configuration for various types of health checking." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Health Check", + "description": "HealthCheck defines configuration for health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Interval between consecutive health checks.", + "format": "regex" + }, + "timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Maximum time to wait for a health check response.", + "format": "regex" + }, + "unhealthy_threshold": { + "type": "integer", + "description": "Number of consecutive unhealthy checks before considering a host unhealthy." + }, + "healthy_threshold": { + "type": "integer", + "description": "Number of consecutive healthy checks before considering a host healthy." + }, + "initial_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, Envoy will start health checking after for a random time in ms between 0 and initial_jitter. 
This only applies to the first health check.", + "format": "regex" + }, + "interval_jitter": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "If specified, during every interval Envoy will add interval_jitter to the wait time.", + "format": "regex" + }, + "interval_jitter_percent": { + "type": "integer", + "description": "If specified, during every interval Envoy will add interval_ms * interval_jitter_percent / 100 to the wait time. If interval_jitter_ms and interval_jitter_percent are both set, both of them will be used to increase the wait time." + }, + "healthy_panic_threshold": { + "additionalProperties": true, + "type": "number", + "description": "Allows to configure panic threshold for Envoy cluster. If not specified, the default is 50%. To disable panic mode, set to 0%." + }, + "fail_traffic_on_panic": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, Envoy will not consider any hosts when the cluster is in 'panic mode'. Instead, the cluster will fail all requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a failing service." + }, + "event_log_path": { + "type": "string", + "description": "Specifies the path to the file where Envoy can log health check events. If empty, no event log will be written." + }, + "always_log_health_check_failures": { + "additionalProperties": true, + "type": "boolean", + "description": "If set to true, health check failure events will always be logged. If set to false, only the initial health check failure event will be logged. The default value is false." + }, + "no_traffic_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The \"no traffic interval\" is a special health check interval that is used when a cluster has never had traffic routed to it. 
This lower interval allows cluster information to be kept up to date, without sending a potentially large amount of active health checking traffic for no reason. Once a cluster has been used for traffic routing, Envoy will shift back to using the standard health check interval that is defined. Note that this interval takes precedence over any other. The default value for \"no traffic interval\" is 60 seconds.", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http", + "additionalProperties": true + }, + "reuse_connection": { + "additionalProperties": true, + "type": "boolean", + "description": "Reuse health check connection between health checks. Default is true." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines configuration for various types of health checking." + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http": { + "properties": { + "path": { + "type": "string", + "description": "The HTTP path which will be requested during the health check (ie. /health) +required" + }, + "request_headers_to_add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption" + }, + "type": "array", + "description": "The list of HTTP headers which should be added to each health check request +optional" + }, + "expected_statuses": { + "items": { + "type": "integer", + "title": "U Int 32 Value", + "description": "Wrapper message for `uint32`. The JSON representation for `UInt32Value` is JSON number." 
+ }, + "type": "array", + "description": "List of HTTP response statuses which are considered healthy +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines optional Http configuration which will instruct the service the health check will be made for is an http service. It's mutually exclusive with the Tcp block so when provided you can't provide the Tcp configuration" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +required" + }, + "value": { + "type": "string", + "description": "Header value +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValueOption": { + "properties": { + "header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.HealthCheck.Conf.Http.HeaderValue", + "additionalProperties": true, + "description": "Key/Value representation of the HTTP header +required" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "The bool value which if true (default) will mean the header values should be appended to already present ones +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value Option" + }, + "kuma.mesh.v1alpha1.HealthCheck.Conf.Tcp": { + "properties": { + "send": { + "additionalProperties": true, + "type": "string", + "description": "Bytes which will be send during the health check to the target" + }, + "receive": { + "items": { + "type": "string", + "title": "Bytes Value", + "description": "Wrapper message for `bytes`. The JSON representation for `BytesValue` is JSON string." + }, + "type": "array", + "description": "Bytes blocks expected as a response. When checking the response, “fuzzy” matching is performed such that each block must be found, and in the order specified, but not necessarily contiguous." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines optional configuration for specifying bytes to send and expected response during the health check" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/HttpMethod.json b/app/assets/dev/raw/protos/HttpMethod.json new file mode 100644 index 000000000..71495c878 --- /dev/null +++ b/app/assets/dev/raw/protos/HttpMethod.json @@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/KumaDpVersion.json b/app/assets/dev/raw/protos/KumaDpVersion.json new file mode 100644 index 000000000..2d087b8c8 --- /dev/null +++ b/app/assets/dev/raw/protos/KumaDpVersion.json 
@@ -0,0 +1,34 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaDpVersion", + "definitions": { + "KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/KumaResource.json b/app/assets/dev/raw/protos/KumaResource.json new file mode 100644 index 000000000..28f5ce5d1 --- /dev/null +++ b/app/assets/dev/raw/protos/KumaResource.json 
@@ -0,0 +1,55 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/KumaResource", + "definitions": { + "KumaResource": { + "properties": { + "meta": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaResource.Meta", + "additionalProperties": true + }, + "spec": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." 
+ }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Resource" + }, + "kuma.mesh.v1alpha1.KumaResource.Meta": { + "properties": { + "name": { + "type": "string" + }, + "mesh": { + "type": "string" + }, + "version": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Meta" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Logging.json b/app/assets/dev/raw/protos/Logging.json new file mode 100644 index 000000000..e86a46b02 --- /dev/null +++ b/app/assets/dev/raw/protos/Logging.json 
@@ -0,0 +1,49 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Logging", + "definitions": { + "Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/LoggingBackend.json b/app/assets/dev/raw/protos/LoggingBackend.json new file mode 100644 index 000000000..d1770d208 --- /dev/null +++ b/app/assets/dev/raw/protos/LoggingBackend.json 
@@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/LoggingBackend", + "definitions": { + "LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Mesh.json b/app/assets/dev/raw/protos/Mesh.json new file mode 100644 index 000000000..5469c8bd2 --- /dev/null +++ b/app/assets/dev/raw/protos/Mesh.json 
@@ -0,0 +1,390 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Mesh", + "definitions": { + "Mesh": { + "properties": { + "mtls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Mtls", + "additionalProperties": true, + "description": "mTLS settings. +optional" + }, + "tracing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Tracing", + "additionalProperties": true, + "description": "Tracing settings. +optional" + }, + "logging": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Logging", + "additionalProperties": true, + "description": "Logging settings. +optional" + }, + "metrics": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Metrics", + "additionalProperties": true, + "description": "Configuration for metrics collected and exposed by dataplanes. Settings defined here become defaults for every dataplane in a given Mesh. Additionally, it is also possible to further customize this configuration for each dataplane individually using Dataplane resource. +optional" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking", + "additionalProperties": true, + "description": "Networking settings of the mesh" + }, + "routing": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Routing", + "additionalProperties": true, + "description": "Routing settings of the mesh" + }, + "constraints": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.Constraints", + "additionalProperties": true, + "description": "Constraints that applies to the mesh and its entities" + }, + "skipCreatingInitialPolicies": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of policies to skip creating by default when the mesh is created. e.g. TrafficPermission, MeshRetry, etc. An '*' can be used to skip all policies." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh", + "description": "Mesh defines configuration of a single mesh." 
+ }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend" + }, + "type": { + "type": "string", + "description": "Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided)" + }, + "dpCert": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert", + "additionalProperties": true, + "description": "Dataplane certificate settings" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + }, + "mode": { + "enum": [ + "STRICT", + 0, + "PERMISSIVE", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "rootChain": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Certificate Authority Backend", + "description": "CertificateAuthorityBackend defines Certificate Authority backend" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert": { + "properties": { + "rotation": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation", + "additionalProperties": true, + "description": "Rotation settings" + }, + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request to CA for DP certificate generation and retrieval", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Cert", + "description": "DpCert defines settings for certificates generated for Dataplanes" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation": { + "properties": { + "expiration": { + "type": "string", + "description": "Time after which generated certificate for Dataplane will expire" + } + }, + "additionalProperties": true, + "type": "object", + 
"title": "Rotation", + "description": "Rotation defines rotation settings for Dataplane certificate" + }, + "kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain": { + "properties": { + "requestTimeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "Timeout on request for to CA for root certificate chain. If not specified, defaults to 10s.", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Root Chain", + "description": "RootChain defines settings related to CA root certificate chain." + }, + "kuma.mesh.v1alpha1.Logging": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.LoggingBackend" + }, + "type": "array", + "description": "List of available logging backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging" + }, + "kuma.mesh.v1alpha1.LoggingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging" + }, + "format": { + "type": "string", + "description": "Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'tcp' and 'file')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Logging Backend", + "description": "LoggingBackend defines logging backend available to mesh. Backends can be used in TrafficLog rules." 
+ }, + "kuma.mesh.v1alpha1.Mesh.Constraints": { + "properties": { + "dataplaneProxy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints", + "additionalProperties": true, + "description": "DataplaneProxyMembership defines a set of requirements for data plane proxies to be a member of the mesh." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Constraints", + "description": "Constraints to apply to the mesh and its entities" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints": { + "properties": { + "requirements": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Requirements defines a set of requirements that data plane proxies must fulfill in order to join the mesh. A data plane proxy must fulfill at least one requirement in order to join the mesh. Empty list of allowed requirements means that any proxy that is not explicitly denied can join." + }, + "restrictions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules" + }, + "type": "array", + "description": "Restrictions defines a set of restrictions that data plane proxies cannot fulfill in order to join the mesh. A data plane proxy cannot fulfill any requirement in order to join the mesh. Restrictions takes precedence over requirements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Proxy Constraints" + }, + "kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags defines set of required tags. You can specify '*' in value to require non empty value of tag" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rules", + "description": "Rules defines a set of rules for data plane proxies to be member of the mesh." 
+ }, + "kuma.mesh.v1alpha1.Mesh.Mtls": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.CertificateAuthorityBackend" + }, + "type": "array", + "description": "List of available Certificate Authority backends" + }, + "skipValidation": { + "type": "boolean", + "description": "If enabled, skips CA validation." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mtls", + "description": "mTLS settings of a Mesh." + }, + "kuma.mesh.v1alpha1.Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." 
+ }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + }, + "kuma.mesh.v1alpha1.Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + "passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + }, + "kuma.mesh.v1alpha1.Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. 
Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + }, + "kuma.mesh.v1alpha1.Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/MeshGateway.json b/app/assets/dev/raw/protos/MeshGateway.json new file mode 100644 index 000000000..79692f693 --- /dev/null +++ b/app/assets/dev/raw/protos/MeshGateway.json 
@@ -0,0 +1,202 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGateway", + "definitions": { + "MeshGateway": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is a list of selectors that are used to match builtin gateway dataplanes that will receive this MeshGateway configuration." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags is the set of tags common to all of the gateway's listeners. This field must not include a `kuma.io/service` tag (the service is always defined on the dataplanes)." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Conf", + "additionalProperties": true, + "description": "The desired configuration of the MeshGateway." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway", + "description": "MeshGateway is a virtual proxy. Each MeshGateway is bound to a set of builtin gateway dataplanes. Each builtin dataplane instance can host exactly one Gateway proxy configuration. Gateway aligns with the Kubernetes Gateway API. See that spec for detailed documentation." + }, + "kuma.mesh.v1alpha1.MeshGateway.Conf": { + "properties": { + "listeners": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener" + }, + "type": "array", + "description": "Listeners define logical endpoints that are bound on this MeshGateway's address(es)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the desired state of MeshGateway. Aligns with MeshGatewaySpec." + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener": { + "properties": { + "hostname": { + "type": "string", + "description": "Hostname specifies the virtual hostname to match for protocol types that define this concept. 
When unspecified, \"\", or `*`, all hostnames are matched. This field can be omitted for protocols that don't require hostname based matching." + }, + "port": { + "type": "integer", + "description": "Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules." + }, + "protocol": { + "enum": [ + "NONE", + 0, + "TCP", + 1, + "TLS", + 3, + "HTTP", + 4, + "HTTPS", + 5 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Conf", + "additionalProperties": true, + "description": "TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\" and ignored otherwise." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags specifies a unique combination of tags that routes can use to match themselves to this listener. When matching routes to listeners, the control plane constructs a set of matching tags for each listener by forming the union of the gateway tags and the listener tags. A route will be attached to the listener if all of the route's tags are preset in the matching tags" + }, + "crossMesh": { + "type": "boolean", + "description": "CrossMesh enables traffic to flow to this listener only from other meshes." + }, + "resources": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.Listener.Resources", + "additionalProperties": true, + "description": "Resources is used to specify listener-specific resource settings." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener" + }, + "kuma.mesh.v1alpha1.MeshGateway.Listener.Resources": { + "properties": { + "connection_limit": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Resources" + }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Conf": { + "properties": { + "mode": { + "enum": [ + "NONE", + 0, + "TERMINATE", + 1, + "PASSTHROUGH", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + }, + "certificates": { + "items": { + "$ref": "#/definitions/kuma.system.v1alpha1.DataSource" + }, + "type": "array", + "description": "Certificates is an array of datasources that contain TLS certificates and private keys. Each datasource must contain a sequence of PEM-encoded objects. The server certificate and private key are required, but additional certificates are allowed and will be added to the certificate chain. The server certificate must be the first certificate in the datasource. When multiple certificate datasources are configured, they must have different key types. In practice, this means that one datasource should contain an RSA key and certificate, and the other an ECDSA key and certificate." + }, + "options": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGateway.TLS.Options", + "additionalProperties": true, + "description": "Options should eventually configure how TLS is configured. This is where cipher suite and version configuration can be specified, client certificates enforced, and so on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Aligns with MeshGatewayTLSConfig." 
+ }, + "kuma.mesh.v1alpha1.MeshGateway.TLS.Options": { + "additionalProperties": true, + "type": "object", + "title": "Options", + "description": "TODO(jpeach)" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.system.v1alpha1.DataSource": { + "properties": { + "secret": { + "type": "string", + "description": "Data source is a secret with given Secret key." + }, + "file": { + "type": "string", + "description": "Data source is a path to a file. Deprecated, use other sources of a data." + }, + "inline": { + "additionalProperties": true, + "type": "string", + "description": "Data source is inline bytes." + }, + "inlineString": { + "type": "string", + "description": "Data source is inline string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Data Source", + "description": "DataSource defines the source of bytes to use." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/MeshGatewayRoute.json b/app/assets/dev/raw/protos/MeshGatewayRoute.json new file mode 100644 index 000000000..1ccb5b377 --- /dev/null +++ b/app/assets/dev/raw/protos/MeshGatewayRoute.json 
@@ -0,0 +1,442 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshGatewayRoute", + "definitions": { + "MeshGatewayRoute": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "Selectors is used to match this resource to MeshGateway listener." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Conf", + "additionalProperties": true, + "description": "Conf specifies the route configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Gateway Route" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Backend": { + "properties": { + "weight": { + "type": "integer", + "description": "Weight is the proportion of requests this backend will receive when a forwarding rules specifies multiple backends. Traffic weight is computed as \"weight/sum(all weights)\". A weight of 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Destination is a selector to match the individual endpoints to which the gateway will forward." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Backend", + "description": "Backend selects a target for HTTP request forwarding." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.Conf": { + "properties": { + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute", + "additionalProperties": true, + "title": "TlsRoute tls = 3;", + "description": "TlsRoute tls = 3;" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Hostnames lists the server names for which this route is valid. The hostnames are matched against the TLS Server Name Indication extension if this is a TLS session. They are also matched against the HTTP host (authority) header in the client's HTTP request." + }, + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule" + }, + "type": "array", + "description": "Rules specifies how the gateway should match and process HTTP requests." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Route", + "description": "HTTP routes are valid for listeners that accept HTTP/1.1 and HTTP/2 over both TCP and TLS." 
+ }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter": { + "properties": { + "request_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + }, + "mirror": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror", + "additionalProperties": true + }, + "redirect": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect", + "additionalProperties": true + }, + "rewrite": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + }, + "response_header": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter": { + "properties": { + "set": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header" + }, + "type": "array" + }, + "remove": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Filter" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.HeaderFilter.Header": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Mirror": { + "properties": { + "backend": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend", + "additionalProperties": true, + "description": "Backend denotes the service to which requests will be mirrored. 
The \"weight\" field must not be given." + }, + "percentage": { + "additionalProperties": true, + "type": "number", + "description": "Percentage specifies the percentage of requests to mirror to the backend (in the range 0.0 - 100.0, inclusive)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mirror", + "description": "The mirror filter sends a percentage of HTTP requests to the given backend. The gateway ignores any responses to these requests." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Redirect": { + "properties": { + "scheme": { + "type": "string", + "description": "The scheme for the redirect URL. Usually \"http\" or \"https\"." + }, + "hostname": { + "type": "string", + "description": "The hostname to redirect to." + }, + "port": { + "type": "integer", + "description": "The port to redirect to." + }, + "status_code": { + "type": "integer", + "description": "The HTTP response status code. This must be in the range 300 - 308." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Redirect", + "description": "The redirect filter responds to the HTTP request immediately, without forwarding it to any backend. The response is a HTTP redirect message." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter.Rewrite": { + "properties": { + "replace_full": { + "type": "string" + }, + "replace_prefix_match": { + "type": "string", + "description": "Note that rewriting \"/prefix\" to \"/\" will do the right thing: - the path \"/prefix\" is rewritten to \"/\" - the path \"/prefix/rest\" is rewritten to \"/rest\"" + }, + "host_to_backend_hostname": { + "type": "boolean", + "description": "Option to indicate that during forwarding, the host header should be swapped with the hostname of the upstream host chosen by the Envoy's cluster manager. 
BE AWARE: - it's mutually exclusive with request_header filter which explicitly replaces \"host\" header" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rewrite" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path", + "additionalProperties": true + }, + "method": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Http Method" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header" + }, + "type": "array" + }, + "query_parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match specifies the criteria for when a HTTP request matches a rule. The match is only considered successful if all of the specified conditions succeed (AND semantics). At least one match condition must be given." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Header": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1, + "ABSENT", + 2, + "PRESENT", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the HTTP header containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the HTTP header value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header", + "description": "Header matches a value in a HTTP request header. 
Not that if the header is defined to have multiple values, a REGEX match must be used to match a specific value." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Path": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "PREFIX", + 1, + "REGEX", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "value": { + "minLength": 1, + "type": "string", + "description": "Value is the path to match against. For EXACT and PREFIX match types, it must be a HTTP URI path. For the REGEX match type, it must be a RE2 regular expression. Note that a PREFIX match succeeds only if the prefix is the the entire path or is followed by a /. I.e. a prefix of the path in terms of path elements." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path matches may be \"EXACT\", \"PREFIX\", or \"REGEX\" matches. If the match type is not specified, \"EXACT\" is the default." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match.Query": { + "properties": { + "match": { + "enum": [ + "EXACT", + 0, + "REGEX", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Match Type" + }, + "name": { + "type": "string", + "description": "Name of the query parameter containing the value to match." + }, + "value": { + "type": "string", + "description": "Value that the query parameter value should be matched against." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Query", + "description": "Query matches against HTTP request query parameters." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Rule": { + "properties": { + "matches": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Match" + }, + "type": "array", + "description": "Matches are checked in order. If any match is successful, the rule is selected (OR semantics)." 
+ }, + "filters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.HttpRoute.Filter" + }, + "type": "array", + "description": "Filters are request processing steps that are applied to matched requests. If the redirect filter is specified, it must be the only filter given." + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array", + "description": "Backends is the set of services to which the gateway will forward requests. If a redirect filter is specified, no backends are allowed. Otherwise, at least one backend must be given." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule" + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute": { + "properties": { + "rules": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Route", + "description": "TCP routes are valid for listeners that accept connections over TCP." + }, + "kuma.mesh.v1alpha1.MeshGatewayRoute.TcpRoute.Rule": { + "properties": { + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshGatewayRoute.Backend" + }, + "type": "array" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rule", + "description": "repeated Match matches = 1;" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/MeshInsight.json b/app/assets/dev/raw/protos/MeshInsight.json new file mode 100644 index 000000000..146f88a4d 
--- /dev/null +++ b/app/assets/dev/raw/protos/MeshInsight.json 
@@ -0,0 +1,161 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MeshInsight", + "definitions": { + "MeshInsight": { + "properties": { + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "policies": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.PolicyStat", + "additionalProperties": true + }, + "type": "object" + }, + "dpVersions": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DpVersions", + "additionalProperties": true + }, + "mTLS": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.MTLS", + "additionalProperties": true, + "description": "mTLS statistics" + }, + "services": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.ServiceStat", + "additionalProperties": true + }, + "dataplanesByType": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplanesByType", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Mesh Insight", + "description": "MeshInsight defines the observed state of a Mesh." 
+ }, + "kuma.mesh.v1alpha1.MeshInsight.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + }, + "partially_degraded": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat", + "description": "DataplaneStat defines statistic specifically for Dataplane" + }, + "kuma.mesh.v1alpha1.MeshInsight.DataplanesByType": { + "properties": { + "standard": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "gateway": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "gatewayBuiltin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "gatewayDelegated": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplanes By Type", + "description": "DataplanesByType defines statistics splitted by dataplane types" + }, + "kuma.mesh.v1alpha1.MeshInsight.DpVersions": { + "properties": { + "kumaDp": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by KumaDP version" + }, + "envoy": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplane stats grouped by Envoy version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dp Versions", + "description": "DpVersions defines statistics grouped by dataplane versions" + }, + "kuma.mesh.v1alpha1.MeshInsight.MTLS": { + "properties": { + "issuedBackends": { + "additionalProperties": { + "$ref": 
"#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by issued backends." + }, + "supportedBackends": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MeshInsight.DataplaneStat", + "additionalProperties": true + }, + "type": "object", + "description": "Dataplanes grouped by supported backends." + } + }, + "additionalProperties": true, + "type": "object", + "title": "MTLS" + }, + "kuma.mesh.v1alpha1.MeshInsight.PolicyStat": { + "properties": { + "total": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Policy Stat", + "description": "PolicyStat defines statistic for all policies in general" + }, + "kuma.mesh.v1alpha1.MeshInsight.ServiceStat": { + "properties": { + "total": { + "type": "integer" + }, + "internal": { + "type": "integer" + }, + "external": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Stat", + "description": "ServiceStat defines statistics of mesh services" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Message.json b/app/assets/dev/raw/protos/Message.json new file mode 100644 index 000000000..f8fd4b1df --- /dev/null +++ b/app/assets/dev/raw/protos/Message.json 
@@ -0,0 +1,789 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Message", + "definitions": { + "Message": { + "properties": { + "legacy_request": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryRequest", + "additionalProperties": true + }, + "legacy_response": { + "$ref": "#/definitions/envoy.api.v2.DiscoveryResponse", + "additionalProperties": true + }, + "request": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryRequest", + "additionalProperties": true + }, + "response": { + "$ref": "#/definitions/envoy.service.discovery.v3.DiscoveryResponse", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Message" + }, + "envoy.api.v2.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.api.v2.core.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. 
The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_api_msg_DiscoveryResponse\u003e` failed to update configuration. The *message* field in *error_details* provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 7]" + }, + "envoy.api.v2.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." 
+ }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. 
Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. 
When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. - Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.api.v2.core.ControlPlane", + "additionalProperties": true, + "description": "[#not-implemented-hide:] The control plane instance that sent the response." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.api.v2.core.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.api.v2.core.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.api.v2.core.Pipe", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.api.v2.core.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.api.v2.core.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.api.v2.core.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. 
envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 6]" + }, + "envoy.api.v2.core.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_api_field_core.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_api_field_endpoint.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. 
`Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.api.v2.core.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_api_field_core.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_api_msg_config.bootstrap.v2.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." 
+ }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "locality": { + "$ref": "#/definitions/envoy.api.v2.core.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "build_version": { + "type": "string", + "description": "This is motivated by informing a management server during canary which version of Envoy is being tested in a heterogeneous fleet. This will be set by Envoy in management server RPCs. This field is deprecated in favor of the user_agent_name and user_agent_version values." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.api.v2.core.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example `com.acme.feature`. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.api.v2.core.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 12]" + }, + "envoy.api.v2.core.Pipe": { + "properties": { + "path": { + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.api.v2.core.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_api_msg_listener.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_api_msg_core.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_api_msg_Cluster\u003e`, the cluster type determines whether the address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_api_field_core.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.config.core.v3.Address": { + "properties": { + "socket_address": { + "$ref": "#/definitions/envoy.config.core.v3.SocketAddress", + "additionalProperties": true + }, + "pipe": { + "$ref": "#/definitions/envoy.config.core.v3.Pipe", + "additionalProperties": true + }, + "envoy_internal_address": { + "$ref": "#/definitions/envoy.config.core.v3.EnvoyInternalAddress", + "additionalProperties": true, + "description": "Specifies a user-space address handled by :ref:`internal listeners \u003cenvoy_v3_api_field_config.listener.v3.Listener.internal_listener\u003e`." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Address", + "description": "Addresses specify either a logical or physical address and port, which are used to tell Envoy where to bind/listen, connect to upstream and find management servers." + }, + "envoy.config.core.v3.BuildVersion": { + "properties": { + "version": { + "$ref": "#/definitions/envoy.type.v3.SemanticVersion", + "additionalProperties": true, + "description": "SemVer version of extension." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Free-form build information. Envoy defines several well known keys in the source/common/version/version.h file" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Build Version", + "description": "BuildVersion combines SemVer version of extension with free-form build information (i.e. 'alpha', 'private-build') as a set of strings." + }, + "envoy.config.core.v3.ControlPlane": { + "properties": { + "identifier": { + "type": "string", + "description": "An opaque control plane identifier that uniquely identifies an instance of control plane. This can be used to identify which control plane instance, the Envoy is connected to." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Control Plane", + "description": "Identifies a specific ControlPlane instance that Envoy is connected to." + }, + "envoy.config.core.v3.EnvoyInternalAddress": { + "properties": { + "server_listener_name": { + "type": "string", + "description": "Specifies the :ref:`name \u003cenvoy_v3_api_field_config.listener.v3.Listener.name\u003e` of the internal listener." + }, + "endpoint_id": { + "type": "string", + "description": "Specifies an endpoint identifier to distinguish between multiple endpoints for the same internal listener in a single upstream pool. Only used in the upstream addresses for tracking changes to individual endpoints. This, for example, may be set to the final destination IP for the target internal listener." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Internal Address", + "description": "The address represents an envoy internal listener. [#comment: TODO(asraa): When address available, remove workaround from test/server/server_fuzz_test.cc:30.]" + }, + "envoy.config.core.v3.Extension": { + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Envoy filter as specified in the Envoy configuration, e.g. envoy.filters.http.router, com.acme.widget." + }, + "category": { + "type": "string", + "description": "Category of the extension. Extension category names use reverse DNS notation. For instance \"envoy.filters.listener\" for Envoy's built-in listener filters or \"com.acme.filters.http\" for HTTP filters from acme.com vendor. [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]" + }, + "type_descriptor": { + "type": "string", + "description": "[#not-implemented-hide:] Type descriptor of extension configuration proto. [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] 
[#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]" + }, + "version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "The version is a property of the extension and maintained independently of other extensions and the Envoy API. This field is not set when extension did not provide version information." + }, + "disabled": { + "type": "boolean", + "description": "Indicates that the extension is present but was disabled via dynamic configuration." + }, + "type_urls": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Type URLs of extension configuration protos." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Extension", + "description": "Version and identification for an Envoy extension. [#next-free-field: 7]" + }, + "envoy.config.core.v3.Locality": { + "properties": { + "region": { + "type": "string", + "description": "Region this :ref:`zone \u003cenvoy_v3_api_field_config.core.v3.Locality.zone\u003e` belongs to." + }, + "zone": { + "type": "string", + "description": "Defines the local service zone where Envoy is running. Though optional, it should be set if discovery service routing is used and the discovery service exposes :ref:`zone data \u003cenvoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.locality\u003e`, either in this message or via :option:`--service-zone`. The meaning of zone is context dependent, e.g. `Availability Zone (AZ) \u003chttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html\u003e`_ on AWS, `Zone \u003chttps://cloud.google.com/compute/docs/regions-zones/\u003e`_ on GCP, etc." + }, + "sub_zone": { + "type": "string", + "description": "When used for locality of upstream hosts, this field further splits zone into smaller chunks of sub-zones so they can be load balanced independently." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Locality", + "description": "Identifies location of where either Envoy runs or where upstream hosts run." + }, + "envoy.config.core.v3.Node": { + "properties": { + "id": { + "type": "string", + "description": "An opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-node`." + }, + "cluster": { + "type": "string", + "description": "Defines the local service cluster name where Envoy is running. Though optional, it should be set if any of the following features are used: :ref:`statsd \u003carch_overview_statistics\u003e`, :ref:`health check cluster verification \u003cenvoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.service_name_matcher\u003e`, :ref:`runtime override directory \u003cenvoy_v3_api_msg_config.bootstrap.v3.Runtime\u003e`, :ref:`user agent addition \u003cenvoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.add_user_agent\u003e`, :ref:`HTTP global rate limiting \u003cconfig_http_filters_rate_limit\u003e`, :ref:`CDS \u003cconfig_cluster_manager_cds\u003e`, and :ref:`HTTP tracing \u003carch_overview_tracing\u003e`, either in this message or via :option:`--service-cluster`." + }, + "metadata": { + "additionalProperties": true, + "type": "object", + "description": "Opaque metadata extending the node identifier. Envoy will pass this directly to the management server." + }, + "dynamic_parameters": { + "additionalProperties": { + "$ref": "#/definitions/xds.core.v3.ContextParams", + "additionalProperties": true + }, + "type": "object", + "description": "Map from xDS resource type URL to dynamic context parameters. 
These may vary at runtime (unlike other fields in this message). For example, the xDS client may have a shard identifier that changes during the lifetime of the xDS client. In Envoy, this would be achieved by updating the dynamic context on the Server::Instance's LocalInfo context provider. The shard ID dynamic parameter then appears in this field during future discovery requests." + }, + "locality": { + "$ref": "#/definitions/envoy.config.core.v3.Locality", + "additionalProperties": true, + "description": "Locality specifying where the Envoy instance is running." + }, + "user_agent_name": { + "type": "string", + "description": "Free-form string that identifies the entity requesting config. E.g. \"envoy\" or \"grpc\"" + }, + "user_agent_version": { + "type": "string", + "description": "Free-form string that identifies the version of the entity requesting config. E.g. \"1.12.2\" or \"abcd1234\", or \"SpecialEnvoyBuild\"" + }, + "user_agent_build_version": { + "$ref": "#/definitions/envoy.config.core.v3.BuildVersion", + "additionalProperties": true, + "description": "Structured version of the entity requesting config." + }, + "extensions": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Extension" + }, + "type": "array", + "description": "List of extensions and their versions supported by the node." + }, + "client_features": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Client feature support list. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example ``com.acme.feature``. See :ref:`the list of features \u003cclient_features\u003e` that xDS client may support." 
+ }, + "listening_addresses": { + "items": { + "$ref": "#/definitions/envoy.config.core.v3.Address" + }, + "type": "array", + "description": "Known listening ports on the node as a generic hint to the management server for filtering :ref:`listeners \u003cconfig_listeners\u003e` to be returned. For example, if there is a listener bound to port 80, the list can optionally contain the SocketAddress ``(0.0.0.0,80)``. The field is optional and just a hint." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Node", + "description": "Identifies a specific Envoy instance. The node identifier is presented to the management server, which may use this identifier to distinguish per Envoy configuration for serving. [#next-free-field: 13]" + }, + "envoy.config.core.v3.Pipe": { + "properties": { + "path": { + "minLength": 1, + "type": "string", + "description": "Unix Domain Socket path. On Linux, paths starting with '@' will use the abstract namespace. The starting '@' is replaced by a null byte by Envoy. Paths starting with '@' will result in an error in environments other than Linux." + }, + "mode": { + "type": "integer", + "description": "The mode for the Pipe. Not applicable for abstract sockets." + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Network addresses]", + "description": "[#protodoc-title: Network addresses]" + }, + "envoy.config.core.v3.SocketAddress": { + "properties": { + "protocol": { + "enum": [ + "TCP", + 0, + "UDP", + 1 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Protocol" + }, + "address": { + "minLength": 1, + "type": "string", + "description": "The address for this socket. :ref:`Listeners \u003cconfig_listeners\u003e` will bind to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` to bind to any address. 
[#comment:TODO(zuercher) reinstate when implemented: It is possible to distinguish a Listener address via the prefix/suffix matching in :ref:`FilterChainMatch \u003cenvoy_v3_api_msg_config.listener.v3.FilterChainMatch\u003e`.] When used within an upstream :ref:`BindConfig \u003cenvoy_v3_api_msg_config.core.v3.BindConfig\u003e`, the address controls the source address of outbound connections. For :ref:`clusters \u003cenvoy_v3_api_msg_config.cluster.v3.Cluster\u003e`, the cluster type determines whether the address must be an IP (``STATIC`` or ``EDS`` clusters) or a hostname resolved by DNS (``STRICT_DNS`` or ``LOGICAL_DNS`` clusters). Address resolution can be customized via :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e`." + }, + "port_value": { + "type": "integer" + }, + "named_port": { + "type": "string", + "description": "This is only valid if :ref:`resolver_name \u003cenvoy_v3_api_field_config.core.v3.SocketAddress.resolver_name\u003e` is specified below and the named resolver is capable of named port resolution." + }, + "resolver_name": { + "type": "string", + "description": "The name of the custom resolver. This must have been registered with Envoy. If this is empty, a context dependent default applies. If the address is a concrete IP address, no resolution will occur. If address is a hostname this should be set for resolution other than DNS. Specifying a custom resolver with ``STRICT_DNS`` or ``LOGICAL_DNS`` will generate an error at runtime." + }, + "ipv4_compat": { + "type": "boolean", + "description": "When binding to an IPv6 address above, this enables `IPv4 compatibility \u003chttps://tools.ietf.org/html/rfc3493#page-11\u003e`_. Binding to ``::`` will allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into IPv6 space as ``::FFFF:\u003cIPv4-address\u003e``." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Socket Address", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.DiscoveryRequest": { + "properties": { + "version_info": { + "type": "string", + "description": "The version_info provided in the request messages will be the version_info received with the most recent successfully processed response or empty on the first request. It is expected that no new request is sent after a response is received until the Envoy instance is ready to ACK/NACK the new configuration. ACK/NACK takes place by returning the new API config version as applied or the previous API config version respectively. Each type_url (see below) has an independent version associated with it." + }, + "node": { + "$ref": "#/definitions/envoy.config.core.v3.Node", + "additionalProperties": true, + "description": "The node making the request." + }, + "resource_names": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of resources to subscribe to, e.g. list of cluster names or a route configuration name. If this is empty, all resources for the API are returned. LDS/CDS may have empty resource_names, which will cause all resources for the Envoy instance to be returned. The LDS and CDS responses will then imply a number of resources that need to be fetched via EDS/RDS, which will be explicitly enumerated in resource_names." + }, + "resource_locators": { + "items": { + "$ref": "#/definitions/envoy.service.discovery.v3.ResourceLocator" + }, + "type": "array", + "description": "[#not-implemented-hide:] Alternative to ``resource_names`` field that allows specifying dynamic parameters along with each resource name. Clients that populate this field must be able to handle responses from the server where resources are wrapped in a Resource message. Note that it is legal for a request to have some resources listed in ``resource_names`` and others in ``resource_locators``." 
+ }, + "type_url": { + "type": "string", + "description": "Type of the resource that is being requested, e.g. \"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment\". This is implicit in requests made via singleton xDS APIs such as CDS, LDS, etc. but is required for ADS." + }, + "response_nonce": { + "type": "string", + "description": "nonce corresponding to DiscoveryResponse being ACK/NACKed. See above discussion on version_info and the DiscoveryResponse nonce comment. This may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, or 2) the client has not yet accepted an update in this xDS stream (unlike delta, where it is populated only for new explicit ACKs)." + }, + "error_detail": { + "$ref": "#/definitions/google.rpc.Status", + "additionalProperties": true, + "description": "This is populated when the previous :ref:`DiscoveryResponse \u003cenvoy_v3_api_msg_service.discovery.v3.DiscoveryResponse\u003e` failed to update configuration. The ``message`` field in ``error_details`` provides the Envoy internal exception related to the failure. It is only intended for consumption during manual debugging, the string provided is not guaranteed to be stable across Envoy versions." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Request", + "description": "A DiscoveryRequest requests a set of versioned resources of the same type for a given Envoy node on some API. [#next-free-field: 8]" + }, + "envoy.service.discovery.v3.DiscoveryResponse": { + "properties": { + "version_info": { + "type": "string", + "description": "The version of the response data." + }, + "resources": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. 
The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "The response resources. These resources are typed and depend on the API being called." + }, + "canary": { + "type": "boolean", + "description": "[#not-implemented-hide:] Canary is used to support two Envoy command line flags: * --terminate-on-canary-transition-failure. When set, Envoy is able to terminate if it detects that configuration is stuck at canary. Consider this example sequence of updates: - Management server applies a canary config successfully. - Management server rolls back to a production config. 
- Envoy rejects the new production config. Since there is no sensible way to continue receiving configuration updates, Envoy will then terminate and apply production config from a clean slate. * --dry-run-canary. When set, a canary response will never be applied, only validated via a dry run." + }, + "type_url": { + "type": "string", + "description": "Type URL for resources. Identifies the xDS API when muxing over ADS. Must be consistent with the type_url in the 'resources' repeated Any (if non-empty)." + }, + "nonce": { + "type": "string", + "description": "For gRPC based subscriptions, the nonce provides a way to explicitly ack a specific DiscoveryResponse in a following DiscoveryRequest. Additional messages may have been sent by Envoy to the management server for the previous version on the stream prior to this DiscoveryResponse, that were unprocessed at response send time. The nonce allows the management server to ignore any further DiscoveryRequests for the previous version until a DiscoveryRequest bearing the nonce. The nonce is optional and is not required for non-stream based xDS implementations." + }, + "control_plane": { + "$ref": "#/definitions/envoy.config.core.v3.ControlPlane", + "additionalProperties": true, + "description": "The control plane instance that sent the response." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Response", + "description": "[#next-free-field: 7]" + }, + "envoy.service.discovery.v3.ResourceLocator": { + "properties": { + "name": { + "type": "string", + "description": "The resource name to subscribe to." + }, + "dynamic_parameters": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "A set of dynamic parameters used to match against the dynamic parameter constraints on the resource. This allows clients to select between multiple variants of the same resource." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Common discovery API components]", + "description": "[#protodoc-title: Common discovery API components] Specifies a resource to be subscribed to." + }, + "envoy.type.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic Version]", + "description": "[#protodoc-title: Semantic Version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "envoy.type.v3.SemanticVersion": { + "properties": { + "major_number": { + "type": "integer" + }, + "minor_number": { + "type": "integer" + }, + "patch": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "[#protodoc-title: Semantic version]", + "description": "[#protodoc-title: Semantic version] Envoy uses SemVer (https://semver.org/). Major/minor versions indicate expected behaviors and APIs, the patch version field is used only for security fixes and can be generally ignored." + }, + "google.rpc.Status": { + "properties": { + "code": { + "type": "integer", + "description": "The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]." + }, + "message": { + "type": "string", + "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client." + }, + "details": { + "items": { + "properties": { + "type_url": { + "type": "string", + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. 
This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics." + }, + "value": { + "type": "string", + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Any", + "description": "`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(\u0026foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... 
if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := \u0026pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := \u0026pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { \"@type\": \"type.googleapis.com/google.profile.Person\", \"firstName\": \u003cstring\u003e, \"lastName\": \u003cstring\u003e } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { \"@type\": \"type.googleapis.com/google.protobuf.Duration\", \"value\": \"1.212s\" }" + }, + "type": "array", + "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Status", + "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. 
You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors)." + }, + "xds.core.v3.ContextParams": { + "properties": { + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Context Params", + "description": "Additional parameters that can be used to select resource variants. These include any global context parameters, per-resource type client feature capabilities and per-resource type functional attributes. All per-resource type attributes will be `xds.resource.` prefixed and some of these are documented below: `xds.resource.listening_address`: The value is \"IP:port\" (e.g. \"10.1.1.3:8080\") which is the listening address of a Listener. Used in a Listener resource query." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Metrics.json b/app/assets/dev/raw/protos/Metrics.json new file mode 100644 index 000000000..b3f79fe30 --- /dev/null +++ b/app/assets/dev/raw/protos/Metrics.json 
@@ -0,0 +1,46 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Metrics", + "definitions": { + "Metrics": { + "properties": { + "enabledBackend": { + "type": "string", + "description": "Name of the enabled backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.MetricsBackend" + }, + "type": "array", + "description": "List of available Metrics backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics", + "description": "Metrics defines configuration for metrics that should be collected and exposed by dataplanes." + }, + "kuma.mesh.v1alpha1.MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/MetricsBackend.json b/app/assets/dev/raw/protos/MetricsBackend.json new file mode 100644 index 000000000..7ad44ef4b --- /dev/null +++ b/app/assets/dev/raw/protos/MetricsBackend.json 
@@ -0,0 +1,27 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/MetricsBackend", + "definitions": { + "MetricsBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.metrics.enabledBackend" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'prometheus')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Metrics Backend", + "description": "MetricsBackend defines metric backends" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Networking.json b/app/assets/dev/raw/protos/Networking.json new file mode 100644 index 000000000..771fcb1fc --- /dev/null +++ b/app/assets/dev/raw/protos/Networking.json @@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Networking", + "definitions": { + "Networking": { + "properties": { + "outbound": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Networking.Outbound", + "additionalProperties": true, + "description": "Outbound settings" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking", + "description": "Networking defines the networking configuration of the mesh" + }, + "kuma.mesh.v1alpha1.Networking.Outbound": { + "properties": { + "passthrough": { + "additionalProperties": true, + "type": "boolean", + "description": "Control the passthrough cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Outbound", + "description": "Outbound describes the common mesh outbound settings" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/PrometheusAggregateMetricsConfig.json b/app/assets/dev/raw/protos/PrometheusAggregateMetricsConfig.json new file mode 100644 index 000000000..4e5a51414 --- /dev/null 
+++ b/app/assets/dev/raw/protos/PrometheusAggregateMetricsConfig.json @@ -0,0 +1,35 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusAggregateMetricsConfig", + "definitions": { + "PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." + }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." + }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/PrometheusEnvoyConfig.json b/app/assets/dev/raw/protos/PrometheusEnvoyConfig.json new file mode 100644 index 000000000..a438ec589 --- /dev/null +++ b/app/assets/dev/raw/protos/PrometheusEnvoyConfig.json 
@@ -0,0 +1,23 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusEnvoyConfig", + "definitions": { + "PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/PrometheusMetricsBackendConfig.json b/app/assets/dev/raw/protos/PrometheusMetricsBackendConfig.json new file mode 100644 index 000000000..05701962e --- /dev/null +++ b/app/assets/dev/raw/protos/PrometheusMetricsBackendConfig.json 
@@ -0,0 +1,124 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusMetricsBackendConfig", + "definitions": { + "PrometheusMetricsBackendConfig": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a dataplane should expose HTTP endpoint with Prometheus metrics." + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags associated with an application this dataplane is deployed next to, e.g. service=web, version=1.0. `service` tag is mandatory." + }, + "skipMTLS": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then endpoints for scraping metrics won't require mTLS even if mTLS is enabled in Mesh. If nil, then it is treated as false." + }, + "aggregate": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig" + }, + "type": "array", + "description": "Map with the configuration of applications which metrics are going to be scrapped by kuma-dp." + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusEnvoyConfig", + "additionalProperties": true, + "description": "Configuration of Envoy's metrics." + }, + "tls": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.PrometheusTlsConfig", + "additionalProperties": true, + "description": "Configuration of TLS for prometheus listener." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Metrics Backend Config", + "description": "PrometheusMetricsBackendConfig defines configuration of Prometheus backend" + }, + "kuma.mesh.v1alpha1.PrometheusAggregateMetricsConfig": { + "properties": { + "name": { + "type": "string", + "description": "Name which identify given configuration." 
+ }, + "port": { + "type": "integer", + "description": "Port on which a service expose HTTP endpoint with Prometheus metrics." + }, + "path": { + "type": "string", + "description": "Path on which a service expose HTTP endpoint with Prometheus metrics." + }, + "enabled": { + "additionalProperties": true, + "type": "boolean", + "description": "If false then the application won't be scrapped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service." + }, + "address": { + "type": "string", + "description": "Address on which a service expose HTTP endpoint with Prometheus metrics." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Aggregate Metrics Config", + "description": "PrometheusAggregateMetricsConfig defines endpoints that should be scrapped by kuma-dp for prometheus metrics. Any configuration change require sidecar restart." + }, + "kuma.mesh.v1alpha1.PrometheusEnvoyConfig": { + "properties": { + "filterRegex": { + "type": "string", + "description": "FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics." + }, + "usedOnly": { + "additionalProperties": true, + "type": "boolean", + "description": "If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Envoy Config", + "description": "PrometheusEnvoyConfig defines filters that should be passed to Envoy for filtering." 
+ }, + "kuma.mesh.v1alpha1.PrometheusTlsConfig": { + "properties": { + "mode": { + "enum": [ + "activeMTLSBackend", + 0, + "providedTLS", + 1, + "disabled", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Tls Config", + "description": "PrometheusEnvoyConfig defines Tls configuration for Prometheus listener." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/PrometheusTlsConfig.json b/app/assets/dev/raw/protos/PrometheusTlsConfig.json new file mode 100644 index 000000000..90e6ee974 --- /dev/null +++ b/app/assets/dev/raw/protos/PrometheusTlsConfig.json @@ -0,0 +1,33 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/PrometheusTlsConfig", + "definitions": { + "PrometheusTlsConfig": { + "properties": { + "mode": { + "enum": [ + "activeMTLSBackend", + 0, + "providedTLS", + 1, + "disabled", + 2 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Mode" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Prometheus Tls Config", + "description": "PrometheusEnvoyConfig defines Tls configuration for Prometheus listener." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ProxyTemplate.json b/app/assets/dev/raw/protos/ProxyTemplate.json new file mode 100644 index 000000000..047ef6f39 --- /dev/null +++ b/app/assets/dev/raw/protos/ProxyTemplate.json 
@@ -0,0 +1,339 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplate", + "definitions": { + "ProxyTemplate": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of Dataplane selectors." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Conf", + "additionalProperties": true, + "description": "Configuration for ProxyTemplate" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template", + "description": "ProxyTemplate defines the desired state of ProxyTemplate" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Conf": { + "properties": { + "imports": { + "items": { + "type": "string" + }, + "type": "array", + "description": "List of imported profiles. +optional" + }, + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + }, + "modifications": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications" + }, + "type": "array", + "description": "List of config modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications": { + "properties": { + "cluster": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster", + "additionalProperties": true, + "description": "Cluster modification" + }, + "listener": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener", + "additionalProperties": true, + "description": "Listener modification" + }, + "networkFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter", + "additionalProperties": true, + "description": "Network Filter modification" + }, + "httpFilter": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter", + "additionalProperties": true, + "description": "HTTP Filter modification" + }, + "virtualHost": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost", + "additionalProperties": true, + "description": "Virtual Host modifications" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modifications", + "description": "Modifications to xDS config generated by Proxy Template" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match", + "additionalProperties": true, + "description": "Only clusters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a cluster (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS cluster" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Cluster", + "description": "Cluster 
defines modifications to generated clusters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Cluster.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. (inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the cluster to match" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for cluster" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match", + "additionalProperties": true, + "description": "Only HTTP filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS HTTP filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http Filter", + "description": "HttpFilter defines modifications to generated HTTP filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.HttpFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that http filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for http filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match", + "additionalProperties": true, + "description": "Only listeners that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a listener (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS listener" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Listener", + "description": "Listener defines modification to generated listeners" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.Listener.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the listener to match" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for listener" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match", + "additionalProperties": true, + "description": "Only network filters that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on network filter (addFirst, addLast, addBefore, addAfter, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS network filter" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Network Filter", + "description": "Listener defines modification to generated network filters" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.NetworkFilter.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the network filter" + }, + "listenerName": { + "type": "string", + "description": "Name of the listener that network filter modifications will be applied to" + }, + "listenerTags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "ListenerTags available in Listener#Metadata#FilterMetadata[io.kuma.tags]" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for network filter" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match", + "additionalProperties": true, + "description": "Only virtual hosts that match will be modified" + }, + "operation": { + "type": "string", + "description": "Operation to apply on a virtual hosts (add, remove, patch)" + }, + "value": { + "type": "string", + "description": "xDS virtual host" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Host", + "description": "VirtualHost defines modification to generated virtual hosts" + }, + "kuma.mesh.v1alpha1.ProxyTemplate.Modifications.VirtualHost.Match": { + "properties": { + "origin": { + "type": "string", + "description": "Origin of the resource generation. 
(inbound, outbound, prometheus, transparent, ingress)" + }, + "name": { + "type": "string", + "description": "Name of the virtual host to match" + }, + "routeConfigurationName": { + "type": "string", + "description": "Name of the route configuration" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines match for virtual host" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ProxyTemplateProfileSource.json b/app/assets/dev/raw/protos/ProxyTemplateProfileSource.json new file mode 100644 index 000000000..e6e130768 --- /dev/null +++ b/app/assets/dev/raw/protos/ProxyTemplateProfileSource.json 
@@ -0,0 +1,24 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateProfileSource", + "definitions": { + "ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ProxyTemplateRawResource.json b/app/assets/dev/raw/protos/ProxyTemplateRawResource.json new file mode 100644 index 000000000..a990ff764 --- /dev/null +++ b/app/assets/dev/raw/protos/ProxyTemplateRawResource.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawResource", + "definitions": { + "ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ProxyTemplateRawSource.json b/app/assets/dev/raw/protos/ProxyTemplateRawSource.json new file mode 100644 index 000000000..c7ac8bb49 --- /dev/null +++ b/app/assets/dev/raw/protos/ProxyTemplateRawSource.json 
@@ -0,0 +1,39 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateRawSource", + "definitions": { + "ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ProxyTemplateSource.json b/app/assets/dev/raw/protos/ProxyTemplateSource.json new file mode 100644 index 000000000..d5a244749 --- /dev/null +++ b/app/assets/dev/raw/protos/ProxyTemplateSource.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ProxyTemplateSource", + "definitions": { + "ProxyTemplateSource": { + "properties": { + "name": { + "type": "string", + "description": "Name of a configuration source. +optional" + }, + "profile": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateProfileSource", + "additionalProperties": true, + "description": "Profile, e.g. `default-proxy`. +optional" + }, + "raw": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawSource", + "additionalProperties": true, + "description": "Raw xDS resources. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateProfileSource": { + "properties": { + "name": { + "type": "string", + "description": "Profile name." + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Profile params if any. +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Profile Source" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawResource": { + "properties": { + "name": { + "type": "string", + "description": "The resource's name, to distinguish it from others of the same type of resource." + }, + "version": { + "type": "string", + "description": "The resource level version. It allows xDS to track the state of individual resources." + }, + "resource": { + "type": "string", + "description": "xDS resource." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Resource" + }, + "kuma.mesh.v1alpha1.ProxyTemplateRawSource": { + "properties": { + "resources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ProxyTemplateRawResource" + }, + "type": "array", + "description": "List of raw xDS resources. 
+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Proxy Template Raw Source" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/RateLimit.json b/app/assets/dev/raw/protos/RateLimit.json new file mode 100644 index 000000000..afb09cba1 --- /dev/null +++ b/app/assets/dev/raw/protos/RateLimit.json 
@@ -0,0 +1,120 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/RateLimit", + "definitions": { + "RateLimit": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that rate limit will be applied for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be rate limited." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf", + "additionalProperties": true, + "description": "Configuration for RateLimit +required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http", + "additionalProperties": true, + "description": "The HTTP RateLimit configuration +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http": { + "properties": { + "requests": { + "type": "integer", + "description": "The number of HTTP requests this RateLimiter allows +required" + }, + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The the interval for which `requests` will be accounted. 
+required", + "format": "regex" + }, + "onRateLimit": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit", + "additionalProperties": true, + "description": "Describes the actions to take on RatelLimiter event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit": { + "properties": { + "status": { + "additionalProperties": true, + "type": "integer", + "description": "The HTTP status code to be set on a RateLimit event +optional" + }, + "headers": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue" + }, + "type": "array", + "description": "The Headers to be added to the HTTP response on a RateLimit event +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "On Rate Limit" + }, + "kuma.mesh.v1alpha1.RateLimit.Conf.Http.OnRateLimit.HeaderValue": { + "properties": { + "key": { + "type": "string", + "description": "Header name +optional" + }, + "value": { + "type": "string", + "description": "Header value +optional" + }, + "append": { + "additionalProperties": true, + "type": "boolean", + "description": "Should the header be appended +optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Header Value" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Retry.json b/app/assets/dev/raw/protos/Retry.json new file mode 100644 index 000000000..913d8f6b2 --- /dev/null +++ b/app/assets/dev/raw/protos/Retry.json 
@@ -0,0 +1,224 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Retry", + "definitions": { + "Retry": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that retry policy should be configured for" + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that need to be health checked." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf", + "additionalProperties": true, + "description": "+required" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Retry" + }, + "kuma.mesh.v1alpha1.Retry.Conf": { + "properties": { + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Http", + "additionalProperties": true + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Tcp", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.Grpc", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Retry.Conf.BackOff": { + "properties": { + "base_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+required", + "format": "regex" + }, + "max_interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Back Off" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Grpc": { + "properties": { + "retry_on": { + "items": { + "enum": [ + "cancelled", + 0, + "deadline_exceeded", + 1, + "internal", + 2, + "resource_exhausted", + 3, + "unavailable", + 4 + ] + }, + "type": "array", + "title": "Retry On" + }, + "num_retries": { + 
"additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc" + }, + "kuma.mesh.v1alpha1.Retry.Conf.Http": { + "properties": { + "num_retries": { + "additionalProperties": true, + "type": "integer", + "description": "+optional" + }, + "per_try_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "+optional", + "format": "regex" + }, + "back_off": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Retry.Conf.BackOff", + "additionalProperties": true, + "description": "+optional" + }, + "retriable_status_codes": { + "items": { + "type": "integer" + }, + "type": "array", + "description": "+optional" + }, + "retriable_methods": { + "items": { + "enum": [ + "NONE", + 0, + "CONNECT", + 1, + "DELETE", + 2, + "GET", + 3, + "HEAD", + 4, + "OPTIONS", + 5, + "PATCH", + 6, + "POST", + 7, + "PUT", + 8, + "TRACE", + 9 + ] + }, + "type": "array", + "title": "Http Method" + }, + "retry_on": { + "items": { + "enum": [ + "all_5xx", + 0, + "gateway_error", + 1, + "reset", + 2, + "connect_failure", + 3, + "envoy_ratelimited", + 4, + "retriable_4xx", + 5, + "refused_stream", + 6, + "retriable_status_codes", + 7, + "retriable_headers", + 8, + "http3_post_connect_failure", + 9 + ] + }, + "type": "array", + "title": "Http Retry On", + "description": "These options correspond with the retry_on options in Envoy's documentation: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http" + }, + 
"kuma.mesh.v1alpha1.Retry.Conf.Tcp": { + "properties": { + "max_connect_attempts": { + "type": "integer", + "description": "+optional" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Routing.json b/app/assets/dev/raw/protos/Routing.json new file mode 100644 index 000000000..858a02b0b --- /dev/null +++ b/app/assets/dev/raw/protos/Routing.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Routing", + "definitions": { + "Routing": { + "properties": { + "localityAwareLoadBalancing": { + "type": "boolean", + "description": "Enable the Locality Aware Load Balancing" + }, + "zoneEgress": { + "type": "boolean", + "description": "Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Routing", + "description": "Routing defines configuration for the routing in the mesh" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Selector.json b/app/assets/dev/raw/protos/Selector.json new file mode 100644 index 000000000..91f0fe4af --- /dev/null +++ b/app/assets/dev/raw/protos/Selector.json 
@@ -0,0 +1,21 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Selector", + "definitions": { + "Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ServiceInsight.json b/app/assets/dev/raw/protos/ServiceInsight.json new file mode 100644 index 000000000..21a33e559 --- /dev/null +++ b/app/assets/dev/raw/protos/ServiceInsight.json 
@@ -0,0 +1,100 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ServiceInsight", + "definitions": { + "ServiceInsight": { + "properties": { + "services": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service", + "additionalProperties": true + }, + "type": "object" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service Insight" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service": { + "properties": { + "status": { + "enum": [ + "none", + 0, + "offline", + 1, + "partially_degraded", + 2, + "online", + 3, + "not_available", + 4 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Status" + }, + "dataplanes": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat", + "additionalProperties": true + }, + "issuedBackends": { + "additionalProperties": { + "type": "integer" + }, + "type": "object" + }, + "serviceType": { + "enum": [ + "internal", + 0, + "external", + 1, + "gateway_delegated", + 2, + "gateway_builtin", + 3 + ], + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "Type" + }, + "addressPort": { + "type": "string" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Service" + }, + "kuma.mesh.v1alpha1.ServiceInsight.Service.DataplaneStat": { + "properties": { + "total": { + "type": "integer" + }, + "online": { + "type": "integer" + }, + "offline": { + "type": "integer" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Dataplane Stat" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/StatsRequest.json b/app/assets/dev/raw/protos/StatsRequest.json new file mode 100644 index 000000000..a94577050 --- /dev/null +++ b/app/assets/dev/raw/protos/StatsRequest.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsRequest", + "definitions": { + "StatsRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute kuma-dp stats request." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute kuma-dp stats request. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Request", + "description": "StatsRequest is a request for kuma-dp stats that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/StatsResponse.json b/app/assets/dev/raw/protos/StatsResponse.json new file mode 100644 index 000000000..e64f5f98c --- /dev/null +++ b/app/assets/dev/raw/protos/StatsResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/StatsResponse", + "definitions": { + "StatsResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing kuma-dp stats request." + }, + "stats": { + "type": "string", + "description": "The stats content that is a successful result of kuma-dp stats execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Stats Response", + "description": "StatsResponse is a response containing result of kuma-dp stats execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/TcpLoggingBackendConfig.json b/app/assets/dev/raw/protos/TcpLoggingBackendConfig.json new file mode 100644 index 000000000..ce4ae7037 --- /dev/null +++ b/app/assets/dev/raw/protos/TcpLoggingBackendConfig.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TcpLoggingBackendConfig", + "definitions": { + "TcpLoggingBackendConfig": { + "properties": { + "address": { + "type": "string", + "description": "Address to TCP service that will receive logs" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp Logging Backend Config", + "description": "TcpLoggingBackendConfig defines configuration for TCP based access logs" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Timeout.json b/app/assets/dev/raw/protos/Timeout.json new file mode 100644 index 000000000..e6d1694c2 --- /dev/null +++ b/app/assets/dev/raw/protos/Timeout.json 
@@ -0,0 +1,138 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Timeout", + "definitions": { + "Timeout": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Timeout" + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.Timeout.Conf": { + "properties": { + "connect_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "ConnectTimeout defines time to establish connection", + "format": "regex" + }, + "tcp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Tcp", + "additionalProperties": true + }, + "http": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Http", + "additionalProperties": true + }, + "grpc": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Timeout.Conf.Grpc", + "additionalProperties": true, + "description": "Deprecated: set parameters through Http section" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Grpc": { + "properties": { + "stream_idle_timeout": { + "pattern": 
"^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity Deprecated: use Http.StreamIdleTimeout instead", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span Deprecated: use Http.MaxStreamDuration instead", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Grpc", + "description": "Grpc defines timeouts that are applied when the protocol is GRPC" + }, + "kuma.mesh.v1alpha1.Timeout.Conf.Http": { + "properties": { + "request_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "RequestTimeout is a span between the point at which the entire downstream request (i.e. end-of-stream) has been processed and when the upstream response has been completely processed", + "format": "regex" + }, + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is the time at which a downstream or upstream connection will be terminated if there are no active streams", + "format": "regex" + }, + "stream_idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "StreamIdleTimeout is the amount of time that the connection manager will allow a stream to exist with no upstream or downstream activity", + "format": "regex" + }, + "max_stream_duration": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "MaxStreamDuration is the maximum time that a stream’s lifetime will span", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines timeouts that are applied when the protocol is HTTP" + }, + 
"kuma.mesh.v1alpha1.Timeout.Conf.Tcp": { + "properties": { + "idle_timeout": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "IdleTimeout is defined as the period in which there are no bytes sent or received on either the upstream or downstream connection", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tcp", + "description": "Tcp defines timeouts that are applied when the protocol is TCP" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Tracing.json b/app/assets/dev/raw/protos/Tracing.json new file mode 100644 index 000000000..b7cc2dbef --- /dev/null +++ b/app/assets/dev/raw/protos/Tracing.json 
@@ -0,0 +1,51 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Tracing", + "definitions": { + "Tracing": { + "properties": { + "defaultBackend": { + "type": "string", + "description": "Name of the default backend" + }, + "backends": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TracingBackend" + }, + "type": "array", + "description": "List of available tracing backends" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing", + "description": "Tracing defines tracing configuration of the mesh." + }, + "kuma.mesh.v1alpha1.TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/TracingBackend.json b/app/assets/dev/raw/protos/TracingBackend.json new file mode 100644 index 000000000..4bf433707 --- /dev/null +++ b/app/assets/dev/raw/protos/TracingBackend.json 
@@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TracingBackend", + "definitions": { + "TracingBackend": { + "properties": { + "name": { + "type": "string", + "description": "Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace" + }, + "sampling": { + "additionalProperties": true, + "type": "number", + "description": "Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0%" + }, + "type": { + "type": "string", + "description": "Type of the backend (Kuma ships with 'zipkin')" + }, + "conf": { + "additionalProperties": true, + "type": "object", + "description": "Configuration of the backend" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Tracing Backend", + "description": "TracingBackend defines tracing backend available to mesh. Backends can be used in TrafficTrace rules." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/TrafficLog.json b/app/assets/dev/raw/protos/TrafficLog.json new file mode 100644 index 000000000..62a817926 --- /dev/null +++ b/app/assets/dev/raw/protos/TrafficLog.json 
@@ -0,0 +1,60 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficLog", + "definitions": { + "TrafficLog": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficLog.Conf", + "additionalProperties": true, + "description": "Configuration of the logging." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Log", + "description": "TrafficLog defines log for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficLog.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the logging." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/TrafficPermission.json b/app/assets/dev/raw/protos/TrafficPermission.json new file mode 100644 index 000000000..5c9068126 --- /dev/null +++ b/app/assets/dev/raw/protos/TrafficPermission.json 
@@ -0,0 +1,43 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficPermission", + "definitions": { + "TrafficPermission": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Permission", + "description": "TrafficPermission defines permission for traffic between dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/TrafficRoute.json b/app/assets/dev/raw/protos/TrafficRoute.json new file mode 100644 index 000000000..c10979152 --- /dev/null +++ b/app/assets/dev/raw/protos/TrafficRoute.json 
@@ -0,0 +1,390 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficRoute", + "definitions": { + "TrafficRoute": { + "properties": { + "sources": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match data plane proxies that are sources of traffic." + }, + "destinations": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match services that are destinations of traffic. Notice the difference between sources and destinations. While the source of traffic is always a data plane proxy within a mesh, the destination is a service that could be either within or outside of a mesh." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Conf", + "additionalProperties": true, + "description": "Configuration for the route." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Route", + "description": "TrafficRoute defines routing rules for the traffic in the mesh." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Conf": { + "properties": { + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." 
+ }, + "load_balancer": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer", + "additionalProperties": true, + "description": "Load balancer configuration for given \"split\" or \"destination\"" + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + }, + "http": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http" + }, + "type": "array", + "description": "Configuration of HTTP traffic. Traffic is matched one by one with the order defined in the list. If the request does not match any criteria then \"split\" or \"destination\" outside of \"http\" section is executed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Conf defines the destination configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http": { + "properties": { + "match": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match", + "additionalProperties": true, + "description": "If request matches against defined criteria then \"split\" or \"destination\" is executed." + }, + "modify": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify", + "additionalProperties": true, + "description": "Modifications to the traffic matched by the match section." + }, + "split": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Split" + }, + "type": "array", + "description": "List of destinations with weights assigned to them. When used, \"destination\" is not allowed." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "One destination that the traffic will be redirected to. When used, \"split\" is not allowed." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Http", + "description": "Http defines configuration for HTTP traffic." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match": { + "properties": { + "method": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Method matches method of HTTP request." + }, + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true, + "description": "Path matches HTTP path." + }, + "headers": { + "additionalProperties": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher", + "additionalProperties": true + }, + "type": "object", + "description": "Headers match HTTP request headers." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Match", + "description": "Match defines a series of matching criteria to apply modification and reroute the traffic." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Match.StringMatcher": { + "properties": { + "prefix": { + "type": "string", + "description": "Prefix matches the string against defined prefix." + }, + "exact": { + "type": "string", + "description": "Exact checks that strings are equal to each other." + }, + "regex": { + "type": "string", + "description": "Regex checks the string using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + } + }, + "additionalProperties": true, + "type": "object", + "title": "String Matcher", + "description": "StringMatcher matches the string value." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify": { + "properties": { + "path": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path", + "additionalProperties": true, + "description": "Path modifications." + }, + "host": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host", + "additionalProperties": true, + "description": "Host modifications." 
+ }, + "requestHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Request headers modifications." + }, + "responseHeaders": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers", + "additionalProperties": true, + "description": "Response headers modifications." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Modify", + "description": "Modify defines modifications of matched HTTP messages." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers": { + "properties": { + "add": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add" + }, + "type": "array", + "description": "List of add header operations." + }, + "remove": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove" + }, + "type": "array", + "description": "List of remove header operations." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Headers", + "description": "Headers defines modification of HTTP headers." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Add": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header." + }, + "value": { + "type": "string", + "description": "Value of the header." + }, + "append": { + "type": "boolean", + "description": "If true, it appends the value if there is already a value. Otherwise, value of existing header will be replaced." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Add", + "description": "Add defines operation of adding new HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Headers.Remove": { + "properties": { + "name": { + "type": "string", + "description": "Name of the header to remove." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Remove", + "description": "Remove defines operation of removing an HTTP header." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Host": { + "properties": { + "value": { + "type": "string", + "description": "Value replaces the host header with given value." + }, + "fromPath": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "FromPath replaces the host header from path using regex." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Host", + "description": "Host defines modification of the HTTP Host header" + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.Path": { + "properties": { + "rewritePrefix": { + "type": "string", + "description": "RewritePrefix rewrites previously matched prefix in match section." + }, + "regex": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace", + "additionalProperties": true, + "description": "Regex rewrites prefix using regex with substitution." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Path", + "description": "Path defines modification of path of the HTTP request." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Http.Modify.RegexReplace": { + "properties": { + "pattern": { + "type": "string", + "description": "Pattern of the regex using RE2 syntax. https://github.com/google/re2/wiki/Syntax" + }, + "substitution": { + "type": "string", + "description": "Substitution using regex groups. E.g. use \\\\1 as a first matched group." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Regex Replace", + "description": "RegexReplace defines a way to match string using regex and build a new one using substitution section." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer": { + "properties": { + "round_robin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin", + "additionalProperties": true + }, + "least_request": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest", + "additionalProperties": true + }, + "ring_hash": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash", + "additionalProperties": true + }, + "random": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random", + "additionalProperties": true + }, + "maglev": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Load Balancer", + "description": "LoadBalancer defines the load balancing policy and configuration." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.LeastRequest": { + "properties": { + "choice_count": { + "type": "integer", + "description": "The number of random healthy hosts from which the host with the fewest active requests will be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Least Request", + "description": "LeastRequest uses different algorithms depending on whether hosts have the same or different weights." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Maglev": { + "additionalProperties": true, + "type": "object", + "title": "Maglev", + "description": "Maglev implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.Random": { + "additionalProperties": true, + "type": "object", + "title": "Random", + "description": "Random selects a random available host." 
+ }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RingHash": { + "properties": { + "hash_function": { + "type": "string", + "description": "The hash function used to hash hosts onto the ketama ring. The value defaults to 'XX_HASH'." + }, + "min_ring_size": { + "type": "string", + "description": "Minimum hash ring size." + }, + "max_ring_size": { + "type": "string", + "description": "Maximum hash ring size." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Ring Hash", + "description": "RingHash implements consistent hashing to upstream hosts." + }, + "kuma.mesh.v1alpha1.TrafficRoute.LoadBalancer.RoundRobin": { + "additionalProperties": true, + "type": "object", + "title": "Round Robin", + "description": "RoundRobin is a simple policy in which each available upstream host is selected in round robin order." + }, + "kuma.mesh.v1alpha1.TrafficRoute.Split": { + "properties": { + "weight": { + "additionalProperties": true, + "type": "integer", + "description": "Weight assigned to that destination. Weights are not percentages. For example two destinations with weights the same weight \"1\" will receive both same amount of the traffic. 0 means that the destination will be ignored." + }, + "destination": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Selector to match individual endpoints that comprise that destination. Notice that an endpoint can be either inside or outside the mesh. In the former case an endpoint corresponds to a data plane proxy, in the latter case an endpoint is an External Service." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Split", + "description": "Split defines a destination with a weight assigned to it." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/TrafficTrace.json b/app/assets/dev/raw/protos/TrafficTrace.json new file mode 100644 index 000000000..d4f0859c5 --- /dev/null 
+++ b/app/assets/dev/raw/protos/TrafficTrace.json @@ -0,0 +1,53 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/TrafficTrace", + "definitions": { + "TrafficTrace": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes." + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.TrafficTrace.Conf", + "additionalProperties": true, + "description": "Configuration of the tracing." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Traffic Trace", + "description": "TrafficTrace defines trace configuration for selected dataplanes." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.TrafficTrace.Conf": { + "properties": { + "backend": { + "type": "string", + "description": "Backend defined in the Mesh entity." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf", + "description": "Configuration defines settings of the tracing." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/Version.json b/app/assets/dev/raw/protos/Version.json new file mode 100644 index 000000000..b7fbce902 --- /dev/null +++ b/app/assets/dev/raw/protos/Version.json 
@@ -0,0 +1,79 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/Version", + "definitions": { + "Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of 
Kuma Dataplane version" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/VirtualOutbound.json b/app/assets/dev/raw/protos/VirtualOutbound.json new file mode 100644 index 000000000..6f79a1ed5 --- /dev/null +++ b/app/assets/dev/raw/protos/VirtualOutbound.json 
@@ -0,0 +1,78 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/VirtualOutbound", + "definitions": { + "VirtualOutbound": { + "properties": { + "selectors": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Selector" + }, + "type": "array", + "description": "List of selectors to match dataplanes that this policy applies to" + }, + "conf": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Virtual Outbound", + "description": "VirtualOutbound defines how to generate hostname ports combination." + }, + "kuma.mesh.v1alpha1.Selector": { + "properties": { + "match": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Tags to match, can be used for both source and destinations" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Selector", + "description": "Selector defines structure for selecting tags for given dataplane" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf": { + "properties": { + "host": { + "type": "string", + "description": "Host the gotemplate to generate the hostname from the Parameters map" + }, + "port": { + "type": "string", + "description": "Port the gotemplate to generate the port from the Parameters map" + }, + "parameters": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter" + }, + "type": "array", + "description": "Parameters a mapping between tag keys and template parameter key. This must always contain at least `kuma.io/service`" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Conf" + }, + "kuma.mesh.v1alpha1.VirtualOutbound.Conf.TemplateParameter": { + "properties": { + "name": { + "type": "string", + "description": "Name the name of the template parameter (must be alphanumeric)." 
+ }, + "tag_key": { + "type": "string", + "description": "TagKey the name of the tag in the Kuma outbound (optional if absent it will use Name)." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Template Parameter", + "description": "A mapping between a template parameter and a dataplane outbound tag name." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/XDSConfigRequest.json b/app/assets/dev/raw/protos/XDSConfigRequest.json new file mode 100644 index 000000000..1ea4641e7 --- /dev/null +++ b/app/assets/dev/raw/protos/XDSConfigRequest.json @@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigRequest", + "definitions": { + "XDSConfigRequest": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID of a request so we can correlate requests with response on one stream." + }, + "resource_type": { + "type": "string", + "description": "Type of resource (Dataplane, ZoneIngress, ZoneEgress)" + }, + "resource_name": { + "type": "string", + "description": "Name of the resource on which we execute config dump." + }, + "resource_mesh": { + "type": "string", + "description": "Mesh of the resource on which we execute config dump. Should be empty for ZoneIngress, ZoneEgress." + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Request", + "description": "XDSConfigRequest is a request for XDS Config Dump that is executed on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/XDSConfigResponse.json b/app/assets/dev/raw/protos/XDSConfigResponse.json new file mode 100644 index 000000000..d6d64774a --- /dev/null +++ b/app/assets/dev/raw/protos/XDSConfigResponse.json 
@@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/XDSConfigResponse", + "definitions": { + "XDSConfigResponse": { + "properties": { + "request_id": { + "type": "string", + "description": "RequestID is a UUID that was set by the Global CP." + }, + "error": { + "type": "string", + "description": "Error that was captured by the Zone CP when executing XDS Config Dump." + }, + "config": { + "type": "string", + "description": "The XDS Config that is a successful result of XDS Config dump execution.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": true, + "type": "object", + "title": "XDS Config Response", + "description": "XDSConfigRequest is a response containing result of XDS Config Dump execution on Zone CP." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ZipkinTracingBackendConfig.json b/app/assets/dev/raw/protos/ZipkinTracingBackendConfig.json new file mode 100644 index 000000000..ab2dd42ae --- /dev/null +++ b/app/assets/dev/raw/protos/ZipkinTracingBackendConfig.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZipkinTracingBackendConfig", + "definitions": { + "ZipkinTracingBackendConfig": { + "properties": { + "url": { + "type": "string", + "description": "Address of Zipkin collector." + }, + "traceId128bit": { + "type": "boolean", + "description": "Generate 128bit traces. Default: false" + }, + "apiVersion": { + "type": "string", + "description": "Version of the API. values: httpJson, httpJsonV1, httpProto. Default: httpJson see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/trace.proto#envoy-v3-api-enum-config-trace-v3-zipkinconfig-collectorendpointversion" + }, + "sharedSpanContext": { + "additionalProperties": true, + "type": "boolean", + "description": "Determines whether client and server spans will share the same span context. Default: true. https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/zipkin.proto#config-trace-v3-zipkinconfig" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zipkin Tracing Backend Config" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ZoneEgress.json b/app/assets/dev/raw/protos/ZoneEgress.json new file mode 100644 index 000000000..b154ca74f --- /dev/null +++ b/app/assets/dev/raw/protos/ZoneEgress.json 
@@ -0,0 +1,54 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgress", + "definitions": { + "ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ZoneEgressInsight.json b/app/assets/dev/raw/protos/ZoneEgressInsight.json new file mode 100644 index 000000000..9a5e7643e --- /dev/null +++ b/app/assets/dev/raw/protos/ZoneEgressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressInsight", + "definitions": { + "ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ZoneEgressOverview.json b/app/assets/dev/raw/protos/ZoneEgressOverview.json new file mode 100644 index 000000000..7e2fe5983 --- /dev/null +++ b/app/assets/dev/raw/protos/ZoneEgressOverview.json 
@@ -0,0 +1,258 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneEgressOverview", + "definitions": { + "ZoneEgressOverview": { + "properties": { + "zoneEgress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress", + "additionalProperties": true + }, + "zoneEgressInsight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Overview", + "description": "ZoneEgressOverview defines the projected state of a ZoneEgress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneEgress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneEgress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Egress to listen on." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress", + "description": "ZoneEgress allows us to configure dataplane in the Egress mode." + }, + "kuma.mesh.v1alpha1.ZoneEgress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." 
+ }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneEgressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Egress Insight", + "description": "ZoneEgressInsight defines the observed state of a Zone Egress." + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ZoneHealthCheckRequest.json b/app/assets/dev/raw/protos/ZoneHealthCheckRequest.json new file mode 100644 index 000000000..c2d4bc984 --- /dev/null +++ b/app/assets/dev/raw/protos/ZoneHealthCheckRequest.json @@ -0,0 +1,11 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneHealthCheckRequest", + "definitions": { + "ZoneHealthCheckRequest": { + "additionalProperties": true, + "type": "object", + "title": "Zone Health Check Request" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ZoneHealthCheckResponse.json b/app/assets/dev/raw/protos/ZoneHealthCheckResponse.json new file mode 100644 index 000000000..d523b0a8c --- /dev/null +++ b/app/assets/dev/raw/protos/ZoneHealthCheckResponse.json 
@@ -0,0 +1,19 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneHealthCheckResponse", + "definitions": { + "ZoneHealthCheckResponse": { + "properties": { + "interval": { + "pattern": "^([0-9]+\\.?[0-9]*|\\.[0-9]+)s$", + "type": "string", + "description": "The the interval that the global control plane expects between health check pings", + "format": "regex" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Health Check Response" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ZoneIngress.json b/app/assets/dev/raw/protos/ZoneIngress.json new file mode 100644 index 000000000..0d613e59b --- /dev/null +++ b/app/assets/dev/raw/protos/ZoneIngress.json 
@@ -0,0 +1,95 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngress", + "definitions": { + "ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ZoneIngressInsight.json b/app/assets/dev/raw/protos/ZoneIngressInsight.json new file mode 100644 index 000000000..4c6d25999 --- /dev/null 
+++ b/app/assets/dev/raw/protos/ZoneIngressInsight.json 
@@ -0,0 +1,194 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressInsight", + "definitions": { + "ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." + }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." 
+ }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." + }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." 
+ } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. 
CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + } + } +} \ No newline at end of file diff --git a/app/assets/dev/raw/protos/ZoneIngressOverview.json b/app/assets/dev/raw/protos/ZoneIngressOverview.json new file mode 100644 index 000000000..5cf6ef549 --- /dev/null +++ b/app/assets/dev/raw/protos/ZoneIngressOverview.json 
@@ -0,0 +1,299 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/ZoneIngressOverview", + "definitions": { + "ZoneIngressOverview": { + "properties": { + "zone_ingress": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress", + "additionalProperties": true + }, + "zone_ingress_insight": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngressInsight", + "additionalProperties": true + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Overview", + "description": "ZoneIngressOverview defines the projected state of a ZoneIngress." + }, + "kuma.mesh.v1alpha1.DiscoveryServiceStats": { + "properties": { + "responses_sent": { + "type": "string", + "description": "Number of xDS responses sent to the Dataplane." + }, + "responses_acknowledged": { + "type": "string", + "description": "Number of xDS responses ACKed by the Dataplane." + }, + "responses_rejected": { + "type": "string", + "description": "Number of xDS responses NACKed by the Dataplane." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Service Stats", + "description": "DiscoveryServiceStats defines all stats over a single xDS service." + }, + "kuma.mesh.v1alpha1.DiscoverySubscription": { + "properties": { + "id": { + "minLength": 1, + "type": "string", + "description": "Unique id per ADS subscription." + }, + "control_plane_instance_id": { + "minLength": 1, + "type": "string", + "description": "Control Plane instance that handled given subscription." 
+ }, + "connect_time": { + "type": "string", + "description": "Time when a given Dataplane connected to the Control Plane.", + "format": "date-time" + }, + "disconnect_time": { + "type": "string", + "description": "Time when a given Dataplane disconnected from the Control Plane.", + "format": "date-time" + }, + "status": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscriptionStatus", + "additionalProperties": true, + "description": "Status of the ADS subscription." + }, + "version": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.Version", + "additionalProperties": true, + "description": "Version of Envoy and Kuma dataplane" + }, + "generation": { + "type": "integer", + "description": "Generation is an integer number which is periodically increased by the status sink" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription", + "description": "DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. Ideally, there should be only one such subscription per Dataplane lifecycle. Presence of multiple subscriptions might indicate one of the following events: - transient loss of network connection between Dataplane and Control Plane - Dataplane restart (i.e. hot restart or crash) - Control Plane restart (i.e. rolling update or crash) - etc" + }, + "kuma.mesh.v1alpha1.DiscoverySubscriptionStatus": { + "properties": { + "last_update_time": { + "type": "string", + "description": "Time when status of a given ADS subscription was most recently updated.", + "format": "date-time" + }, + "total": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "Total defines an aggregate over individual xDS stats." + }, + "cds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "CDS defines all CDS stats." 
+ }, + "eds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "EDS defines all EDS stats." + }, + "lds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "LDS defines all LDS stats." + }, + "rds": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoveryServiceStats", + "additionalProperties": true, + "description": "RDS defines all RDS stats." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Discovery Subscription Status", + "description": "DiscoverySubscriptionStatus defines status of an ADS subscription." + }, + "kuma.mesh.v1alpha1.EnvoyAdmin": { + "properties": { + "port": { + "type": "integer", + "description": "Port on which Envoy Admin API server will be listening" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Admin" + }, + "kuma.mesh.v1alpha1.EnvoyVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Envoy" + }, + "build": { + "type": "string", + "description": "Full build tag of Envoy version" + }, + "kumaDpCompatible": { + "type": "boolean", + "description": "True iff Envoy version is compatible with Kuma DP version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Envoy Version", + "description": "EnvoyVersion describes details of Envoy version" + }, + "kuma.mesh.v1alpha1.KumaDpVersion": { + "properties": { + "version": { + "type": "string", + "description": "Version number of Kuma Dataplane" + }, + "gitTag": { + "type": "string", + "description": "Git tag of Kuma Dataplane version" + }, + "gitCommit": { + "type": "string", + "description": "Git commit of Kuma Dataplane version" + }, + "buildDate": { + "type": "string", + "description": "Build date of Kuma Dataplane version" + }, + "kumaCpCompatible": { + "type": "boolean", + "description": "True iff Kuma DP version is compatible with Kuma CP 
version" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Kuma Dp Version", + "description": "KumaDpVersion describes details of Kuma Dataplane version" + }, + "kuma.mesh.v1alpha1.Version": { + "properties": { + "kumaDp": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.KumaDpVersion", + "additionalProperties": true, + "description": "Version of Kuma Dataplane" + }, + "envoy": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyVersion", + "additionalProperties": true, + "description": "Version of Envoy" + }, + "dependencies": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Versions of other dependencies, i.e. CoreDNS" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Version", + "description": "Version defines version of Kuma Dataplane and Envoy" + }, + "kuma.mesh.v1alpha1.ZoneIngress": { + "properties": { + "zone": { + "type": "string", + "description": "Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP" + }, + "networking": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.Networking", + "additionalProperties": true, + "description": "Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified." + }, + "availableServices": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.ZoneIngress.AvailableService" + }, + "type": "array", + "description": "AvailableService contains tags that represent unique subset of endpoints" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress", + "description": "ZoneIngress allows us to configure dataplane in the Ingress mode. In this mode, dataplane has only inbound interfaces. Every inbound interface matches with services that reside in that cluster." 
+ }, + "kuma.mesh.v1alpha1.ZoneIngress.AvailableService": { + "properties": { + "tags": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "tags of the service" + }, + "instances": { + "type": "integer", + "description": "number of instances available for given tags" + }, + "mesh": { + "type": "string", + "description": "mesh of the instances available for given tags" + }, + "externalService": { + "type": "boolean", + "description": "instance of external service available from the zone" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Available Service" + }, + "kuma.mesh.v1alpha1.ZoneIngress.Networking": { + "properties": { + "address": { + "type": "string", + "description": "Address on which inbound listener will be exposed" + }, + "advertisedAddress": { + "type": "string", + "description": "AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters." + }, + "port": { + "type": "integer", + "description": "Port of the inbound interface that will forward requests to the service." + }, + "advertisedPort": { + "type": "integer", + "description": "AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters." + }, + "admin": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.EnvoyAdmin", + "additionalProperties": true, + "description": "Admin contains configuration related to Envoy Admin API" + } + }, + "additionalProperties": true, + "type": "object", + "title": "Networking" + }, + "kuma.mesh.v1alpha1.ZoneIngressInsight": { + "properties": { + "subscriptions": { + "items": { + "$ref": "#/definitions/kuma.mesh.v1alpha1.DiscoverySubscription" + }, + "type": "array", + "description": "List of ADS subscriptions created by a given Zone Kuma CP." + } + }, + "additionalProperties": true, + "type": "object", + "title": "Zone Ingress Insight", + "description": "ZoneIngressInsight defines the observed state of a Zone Ingress." 
+ }
+ }
+}
\ No newline at end of file
diff --git a/app/assets/raw/CHANGELOG.md b/app/assets/raw/CHANGELOG.md
new file mode 100644
index 000000000..7aa78df04
--- /dev/null
+++ b/app/assets/raw/CHANGELOG.md
@@ -0,0 +1,2101 @@
+# Changelog
+
+
+## 2.5.1
+> Released on 2023/12/05
+
+* feat(dataplane): ignored listeners with ignored labels in selector (backport of #8463) [#8544](https://github.com/kumahq/kuma/pull/8544) @kumahq
+* fix(ZoneIngress): subset routing when tag is present on all subsets (backport of #8443) [#8475](https://github.com/kumahq/kuma/pull/8475) @kumahq
+* fix(metrics): fix kds metrics for simple watchdog (backport of #8428) [#8430](https://github.com/kumahq/kuma/pull/8430) @kumahq
+
+
+## 2.5.0
+> Released on 2023/11/15
+
+* chore(deps): bump actions/checkout from 3 to 4 [#7639](https://github.com/kumahq/kuma/pull/7639) @dependabot
+* chore(deps): bump actions/setup-node from 3 to 4 [#8109](https://github.com/kumahq/kuma/pull/8109) @dependabot
+* chore(deps): bump cirello.io/pglock from 1.14.0 to 1.14.1 [#7914](https://github.com/kumahq/kuma/pull/7914) @dependabot
+* chore(deps): bump debian from `b91baba` to `7d3e881` [#7697](https://github.com/kumahq/kuma/pull/7697) [#7852](https://github.com/kumahq/kuma/pull/7852) [#8053](https://github.com/kumahq/kuma/pull/8053) @dependabot
+* chore(deps): bump distroless/base-nossl-debian11 from `6579e1f` to `1ae8df5` [#7635](https://github.com/kumahq/kuma/pull/7635) [#7985](https://github.com/kumahq/kuma/pull/7985) @dependabot
+* chore(deps): bump distroless/static-debian11 from `312a533` to `cdb2034` [#7636](https://github.com/kumahq/kuma/pull/7636) [#7987](https://github.com/kumahq/kuma/pull/7987) @dependabot
+* chore(deps): bump envoy from 1.27.0 to 1.27.1 [#8023](https://github.com/kumahq/kuma/pull/8023) @lahabana
+* chore(deps): bump github.com/cilium/ebpf from 0.11.0 to 0.12.2 [#8093](https://github.com/kumahq/kuma/pull/8093) @dependabot
+* chore(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 [#7712](https://github.com/kumahq/kuma/pull/7712) @dependabot
+* chore(deps): bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible
[#8183](https://github.com/kumahq/kuma/pull/8183) @dependabot +* chore(deps): bump github.com/evanphx/json-patch/v5 from 5.6.0 to 5.7.0 [#7786](https://github.com/kumahq/kuma/pull/7786) @dependabot +* chore(deps): bump github.com/exaring/otelpgx from 0.5.1 to 0.5.2 [#7857](https://github.com/kumahq/kuma/pull/7857) @dependabot +* chore(deps): bump github.com/go-logr/logr from 1.2.4 to 1.3.0 [#8184](https://github.com/kumahq/kuma/pull/8184) @dependabot +* chore(deps): bump github.com/google/uuid from 1.3.0 to 1.4.0 [#7609](https://github.com/kumahq/kuma/pull/7609) [#8188](https://github.com/kumahq/kuma/pull/8188) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.43.13 to 0.46.1 [#7792](https://github.com/kumahq/kuma/pull/7792) [#7993](https://github.com/kumahq/kuma/pull/7993) [#8090](https://github.com/kumahq/kuma/pull/8090) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.55 to 1.1.56 [#7785](https://github.com/kumahq/kuma/pull/7785) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.13.0 [#7611](https://github.com/kumahq/kuma/pull/7611) [#7854](https://github.com/kumahq/kuma/pull/7854) [#7991](https://github.com/kumahq/kuma/pull/7991) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.27.10 to 1.29.0 [#7917](https://github.com/kumahq/kuma/pull/7917) [#8094](https://github.com/kumahq/kuma/pull/8094) [#8185](https://github.com/kumahq/kuma/pull/8185) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 [#7916](https://github.com/kumahq/kuma/pull/7916) @dependabot +* chore(deps): bump github.com/prometheus/client_model from 0.4.1-0.20230718164431-9a2bf3000d16 to 0.5.0 [#7992](https://github.com/kumahq/kuma/pull/7992) @dependabot +* chore(deps): bump github.com/slok/go-http-metrics from 0.10.0 to 0.11.0 [#8091](https://github.com/kumahq/kuma/pull/8091) @dependabot +* chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.17.0 
[#7989](https://github.com/kumahq/kuma/pull/7989) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.23.0 to 0.26.0 [#7791](https://github.com/kumahq/kuma/pull/7791) [#7945](https://github.com/kumahq/kuma/pull/7945) [#8186](https://github.com/kumahq/kuma/pull/8186) @dependabot +* chore(deps): bump github.com/tonglil/opentelemetry-go-datadog-propagator from 0.1.0 to 0.1.1 [#7641](https://github.com/kumahq/kuma/pull/7641) @dependabot +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7799](https://github.com/kumahq/kuma/pull/7799) @lukidzi +* chore(deps): bump go version to 1.21.3 [#8001](https://github.com/kumahq/kuma/pull/8001) @slonka +* chore(deps): bump go.uber.org/zap from 1.25.0 to 1.26.0 [#7789](https://github.com/kumahq/kuma/pull/7789) @dependabot +* chore(deps): bump golang.org/x/net from 0.14.0 to 0.16.0 [#7699](https://github.com/kumahq/kuma/pull/7699) [#7988](https://github.com/kumahq/kuma/pull/7988) @dependabot +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.58.3 [#8034](https://github.com/kumahq/kuma/pull/8034) @michaelbeaumont +* chore(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0 [#7642](https://github.com/kumahq/kuma/pull/7642) @dependabot +* chore(deps): bump golang.org/x/text from 0.12.0 to 0.13.0 [#7640](https://github.com/kumahq/kuma/pull/7640) @dependabot +* chore(deps): bump golangci-lint from v1.53.3 to v1.54.1 [#7837](https://github.com/kumahq/kuma/pull/7837) @michaelbeaumont +* chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.59.0 [#7698](https://github.com/kumahq/kuma/pull/7698) [#7788](https://github.com/kumahq/kuma/pull/7788) [#7856](https://github.com/kumahq/kuma/pull/7856) [#8097](https://github.com/kumahq/kuma/pull/8097) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.12.3 to 3.13.1 [#7915](https://github.com/kumahq/kuma/pull/7915) [#8089](https://github.com/kumahq/kuma/pull/8089) @dependabot +* chore(deps): bump k8s.io/apiextensions-apiserver from 
v0.28.1 to v0.28.2 [#7918](https://github.com/kumahq/kuma/pull/7918) @michaelbeaumont +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.3 [#7643](https://github.com/kumahq/kuma/pull/7643) [#7787](https://github.com/kumahq/kuma/pull/7787) [#8095](https://github.com/kumahq/kuma/pull/8095) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api from 0.8.0-rc1 to v1.0.0 [#7644](https://github.com/kumahq/kuma/pull/7644) [#7781](https://github.com/kumahq/kuma/pull/7781) [#8150](https://github.com/kumahq/kuma/pull/8150) @dependabot,@michaelbeaumont +* chore(deps): bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 [#8187](https://github.com/kumahq/kuma/pull/8187) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 3 updates [#7784](https://github.com/kumahq/kuma/pull/7784) [#7920](https://github.com/kumahq/kuma/pull/7920) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 3 updates [#8347](https://github.com/kumahq/kuma/pull/8347) @slonka +* chore(deps): bump the go-opentelemetry-io-contrib group with 2 updates [#7613](https://github.com/kumahq/kuma/pull/7613) @dependabot +* chore(deps): bump the go-opentelemetry-io-otel group with 2 updates [#7607](https://github.com/kumahq/kuma/pull/7607) @dependabot +* chore(deps): bump the k8s-libs group with 3 updates [#7606](https://github.com/kumahq/kuma/pull/7606) [#7790](https://github.com/kumahq/kuma/pull/7790) [#8088](https://github.com/kumahq/kuma/pull/8088) @dependabot +* chore(deps): bump tibdex/github-app-token from 1.8.0 to 2.1.0 [#7638](https://github.com/kumahq/kuma/pull/7638) [#7731](https://github.com/kumahq/kuma/pull/7731) [#7853](https://github.com/kumahq/kuma/pull/7853) @dependabot +* chore(deps): bump ubuntu from `ec050c3` to `2b7412e` [#7637](https://github.com/kumahq/kuma/pull/7637) [#7986](https://github.com/kumahq/kuma/pull/7986) [#8052](https://github.com/kumahq/kuma/pull/8052) @dependabot +* chore(deps): downgrade testcontainers-go from v0.24.0 to v0.23.0 
[#7800](https://github.com/kumahq/kuma/pull/7800) @jakubdyszkiewicz +* chore(deps): update gateway-api [#8270](https://github.com/kumahq/kuma/pull/8270) @michaelbeaumont +* chore(deps): update go to 1.21.4 [#8341](https://github.com/kumahq/kuma/pull/8341) @slonka +* chore(deps): upgrade envoy to 1.28.0 [#8158](https://github.com/kumahq/kuma/pull/8158) @lukidzi +* chore(deps): upgrade github.com/gruntwork-io/terratest to v0.43.13 [#7706](https://github.com/kumahq/kuma/pull/7706) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#7603](https://github.com/kumahq/kuma/pull/7603) [#7604](https://github.com/kumahq/kuma/pull/7604) [#7605](https://github.com/kumahq/kuma/pull/7605) [#7612](https://github.com/kumahq/kuma/pull/7612) [#7614](https://github.com/kumahq/kuma/pull/7614) [#7617](https://github.com/kumahq/kuma/pull/7617) [#7619](https://github.com/kumahq/kuma/pull/7619) [#7620](https://github.com/kumahq/kuma/pull/7620) [#7622](https://github.com/kumahq/kuma/pull/7622) [#7626](https://github.com/kumahq/kuma/pull/7626) [#7627](https://github.com/kumahq/kuma/pull/7627) [#7628](https://github.com/kumahq/kuma/pull/7628) [#7629](https://github.com/kumahq/kuma/pull/7629) [#7631](https://github.com/kumahq/kuma/pull/7631) [#7646](https://github.com/kumahq/kuma/pull/7646) [#7647](https://github.com/kumahq/kuma/pull/7647) [#7648](https://github.com/kumahq/kuma/pull/7648) [#7650](https://github.com/kumahq/kuma/pull/7650) [#7653](https://github.com/kumahq/kuma/pull/7653) [#7658](https://github.com/kumahq/kuma/pull/7658) [#7659](https://github.com/kumahq/kuma/pull/7659) [#7689](https://github.com/kumahq/kuma/pull/7689) [#7700](https://github.com/kumahq/kuma/pull/7700) [#7710](https://github.com/kumahq/kuma/pull/7710) [#7713](https://github.com/kumahq/kuma/pull/7713) [#7721](https://github.com/kumahq/kuma/pull/7721) [#7727](https://github.com/kumahq/kuma/pull/7727) [#7729](https://github.com/kumahq/kuma/pull/7729) [#7730](https://github.com/kumahq/kuma/pull/7730) 
[#7732](https://github.com/kumahq/kuma/pull/7732) [#7733](https://github.com/kumahq/kuma/pull/7733) [#7738](https://github.com/kumahq/kuma/pull/7738) [#7739](https://github.com/kumahq/kuma/pull/7739) [#7749](https://github.com/kumahq/kuma/pull/7749) [#7750](https://github.com/kumahq/kuma/pull/7750) [#7754](https://github.com/kumahq/kuma/pull/7754) [#7755](https://github.com/kumahq/kuma/pull/7755) [#7766](https://github.com/kumahq/kuma/pull/7766) [#7777](https://github.com/kumahq/kuma/pull/7777) [#7779](https://github.com/kumahq/kuma/pull/7779) [#7795](https://github.com/kumahq/kuma/pull/7795) [#7797](https://github.com/kumahq/kuma/pull/7797) [#7798](https://github.com/kumahq/kuma/pull/7798) [#7802](https://github.com/kumahq/kuma/pull/7802) [#7804](https://github.com/kumahq/kuma/pull/7804) [#7806](https://github.com/kumahq/kuma/pull/7806) [#7811](https://github.com/kumahq/kuma/pull/7811) [#7812](https://github.com/kumahq/kuma/pull/7812) [#7822](https://github.com/kumahq/kuma/pull/7822) [#7866](https://github.com/kumahq/kuma/pull/7866) [#7867](https://github.com/kumahq/kuma/pull/7867) [#7899](https://github.com/kumahq/kuma/pull/7899) [#7900](https://github.com/kumahq/kuma/pull/7900) [#7902](https://github.com/kumahq/kuma/pull/7902) [#7935](https://github.com/kumahq/kuma/pull/7935) [#7953](https://github.com/kumahq/kuma/pull/7953) [#7966](https://github.com/kumahq/kuma/pull/7966) [#7973](https://github.com/kumahq/kuma/pull/7973) [#7979](https://github.com/kumahq/kuma/pull/7979) [#7980](https://github.com/kumahq/kuma/pull/7980) [#7983](https://github.com/kumahq/kuma/pull/7983) [#7984](https://github.com/kumahq/kuma/pull/7984) [#7996](https://github.com/kumahq/kuma/pull/7996) [#7998](https://github.com/kumahq/kuma/pull/7998) [#8009](https://github.com/kumahq/kuma/pull/8009) [#8010](https://github.com/kumahq/kuma/pull/8010) [#8041](https://github.com/kumahq/kuma/pull/8041) [#8045](https://github.com/kumahq/kuma/pull/8045) [#8048](https://github.com/kumahq/kuma/pull/8048) 
[#8049](https://github.com/kumahq/kuma/pull/8049) [#8057](https://github.com/kumahq/kuma/pull/8057) [#8059](https://github.com/kumahq/kuma/pull/8059) [#8061](https://github.com/kumahq/kuma/pull/8061) [#8074](https://github.com/kumahq/kuma/pull/8074) [#8080](https://github.com/kumahq/kuma/pull/8080) [#8083](https://github.com/kumahq/kuma/pull/8083) [#8085](https://github.com/kumahq/kuma/pull/8085) [#8104](https://github.com/kumahq/kuma/pull/8104) [#8115](https://github.com/kumahq/kuma/pull/8115) [#8118](https://github.com/kumahq/kuma/pull/8118) [#8120](https://github.com/kumahq/kuma/pull/8120) [#8126](https://github.com/kumahq/kuma/pull/8126) [#8145](https://github.com/kumahq/kuma/pull/8145) [#8146](https://github.com/kumahq/kuma/pull/8146) [#8147](https://github.com/kumahq/kuma/pull/8147) [#8201](https://github.com/kumahq/kuma/pull/8201) [#8207](https://github.com/kumahq/kuma/pull/8207) [#8210](https://github.com/kumahq/kuma/pull/8210) [#8213](https://github.com/kumahq/kuma/pull/8213) [#8214](https://github.com/kumahq/kuma/pull/8214) [#8215](https://github.com/kumahq/kuma/pull/8215) [#8217](https://github.com/kumahq/kuma/pull/8217) [#8219](https://github.com/kumahq/kuma/pull/8219) [#8220](https://github.com/kumahq/kuma/pull/8220) [#8221](https://github.com/kumahq/kuma/pull/8221) [#8232](https://github.com/kumahq/kuma/pull/8232) [#8236](https://github.com/kumahq/kuma/pull/8236) [#8238](https://github.com/kumahq/kuma/pull/8238) [#8239](https://github.com/kumahq/kuma/pull/8239) @kumahq +* feat(ExternalService): add skip hostname verification for external services [#7633](https://github.com/kumahq/kuma/pull/7633) @alparslanavci +* feat(MeshLoadBalancingStrategy): new locality aware api [#8082](https://github.com/kumahq/kuma/pull/8082) [#8112](https://github.com/kumahq/kuma/pull/8112) @Automaat,@lukidzi +* feat(MeshProxyPatch): allow policy to target MeshGateway resources [#8044](https://github.com/kumahq/kuma/pull/8044) @bartsmykla +* feat(api-server): add /_overview 
for all types that have overviews [#7999](https://github.com/kumahq/kuma/pull/7999) [#8173](https://github.com/kumahq/kuma/pull/8173) @lahabana +* feat(api-server): add filtering on list external-services and dataplanes [#7810](https://github.com/kumahq/kuma/pull/7810) @lahabana +* feat(api-server): added query parameter to filter services by name [#8154](https://github.com/kumahq/kuma/pull/8154) @lukidzi +* feat(api-server): implement new Global Insight endpoint [#7775](https://github.com/kumahq/kuma/pull/7775) [#7872](https://github.com/kumahq/kuma/pull/7872) @Automaat +* feat(api-server): new inspect api [#8148](https://github.com/kumahq/kuma/pull/8148) @lahabana +* feat(docs): add generated openapi docs [#7975](https://github.com/kumahq/kuma/pull/7975) @lahabana +* feat(dp-token): allow validator to define keys not scoped to a mesh [#8169](https://github.com/kumahq/kuma/pull/8169) @nicoche +* feat(events): configurable buffers and predicates [#7735](https://github.com/kumahq/kuma/pull/7735) @jakubdyszkiewicz +* feat(gui): adds storeType index.html variable [#7965](https://github.com/kumahq/kuma/pull/7965) @johncowen +* feat(helm): add configurable service port for cp ingress [#8263](https://github.com/kumahq/kuma/pull/8263) @lahabana +* feat(helm): add loadBalancerSourceRanges on global zone sync service [#7978](https://github.com/kumahq/kuma/pull/7978) @slavogiez +* feat(helm): add possibility to run universal zone cp on kubernetes [#7924](https://github.com/kumahq/kuma/pull/7924) @Automaat +* feat(helm): add service-account features to egress and ingress [#7864](https://github.com/kumahq/kuma/pull/7864) @lahabana +* feat(helm): add support for controlplane deployment annotations [#7959](https://github.com/kumahq/kuma/pull/7959) @slavogiez +* feat(helm): allow to define service accounts annotations [#7724](https://github.com/kumahq/kuma/pull/7724) @lukidzi +* feat(helm): allow to disable tls-checksum generation [#7955](https://github.com/kumahq/kuma/pull/7955) 
@lukidzi +* feat(helm): minReadySeconds for control plane [#7931](https://github.com/kumahq/kuma/pull/7931) @jakubdyszkiewicz +* feat(insights): jitter zone insights upsert [#7925](https://github.com/kumahq/kuma/pull/7925) @jakubdyszkiewicz +* feat(insights): metrics of reason and result [#7752](https://github.com/kumahq/kuma/pull/7752) @jakubdyszkiewicz +* feat(insights): multiple workers [#7778](https://github.com/kumahq/kuma/pull/7778) @jakubdyszkiewicz +* feat(kds): add metrics to event based watchdog [#7651](https://github.com/kumahq/kuma/pull/7651) @jakubdyszkiewicz +* feat(kds): add user-agent with useful version info [#7886](https://github.com/kumahq/kuma/pull/7886) @lahabana +* feat(kds): allow to delay full resync when ticker [#7782](https://github.com/kumahq/kuma/pull/7782) @lukidzi +* feat(kds): allow to disable KDS SOTW grpc api [#7961](https://github.com/kumahq/kuma/pull/7961) @lukidzi +* feat(kds): better error handling [#7868](https://github.com/kumahq/kuma/pull/7868) @jakubdyszkiewicz +* feat(kds): compact subscriptions in insights [#7962](https://github.com/kumahq/kuma/pull/7962) @jakubdyszkiewicz +* feat(kds): enable delta by default [#8262](https://github.com/kumahq/kuma/pull/8262) @lahabana +* feat(kds): execute filters on envoy admin streams [#7905](https://github.com/kumahq/kuma/pull/7905) @jakubdyszkiewicz +* feat(kds): experimental event based watchdog [#7624](https://github.com/kumahq/kuma/pull/7624) @jakubdyszkiewicz +* feat(kds): introduce zone health checks [#7821](https://github.com/kumahq/kuma/pull/7821) @michaelbeaumont +* feat(kds): pass resource keys to resourceStore for delta kds [#7654](https://github.com/kumahq/kuma/pull/7654) @lukidzi +* feat(kds): resource sync metric [#7794](https://github.com/kumahq/kuma/pull/7794) @jakubdyszkiewicz +* feat(kds): response backoff [#7997](https://github.com/kumahq/kuma/pull/7997) @jakubdyszkiewicz +* feat(kds): use hash-suffix for KDS sync [#7519](https://github.com/kumahq/kuma/pull/7519) 
@lobkovilya +* feat(kuma-cp): add HealthCheck unary endpoint [#7815](https://github.com/kumahq/kuma/pull/7815) @michaelbeaumont +* feat(kuma-cp): add basedOnKuma in cp_info metric [#8218](https://github.com/kumahq/kuma/pull/8218) @lahabana +* feat(kuma-cp): add locality aware implementation for egress [#8233](https://github.com/kumahq/kuma/pull/8233) @Automaat +* feat(kuma-cp): add support for Gateway in MeshLoadBalancingStrategy [#8309](https://github.com/kumahq/kuma/pull/8309) @Automaat +* feat(kuma-cp): allow to disable backend validation [#7901](https://github.com/kumahq/kuma/pull/7901) @lukidzi +* feat(kuma-cp): make OpenTelemetry control plane tracing fully configurable [#7936](https://github.com/kumahq/kuma/pull/7936) @michaelbeaumont +* feat(kuma-cp): move KDS hash suffix under a feature flag [#8363](https://github.com/kumahq/kuma/pull/8363) @lobkovilya +* feat(kuma-dp): support setting Envoy's --component-log-level [#8241](https://github.com/kumahq/kuma/pull/8241) @michaelbeaumont +* feat(kumactl): support new inspect api [#8192](https://github.com/kumahq/kuma/pull/8192) @lahabana +* feat(rsa): add support for PKIX encoded pubkeys [#8179](https://github.com/kumahq/kuma/pull/8179) @nicoche +* feat(store): add owner reference to the secrets [#7770](https://github.com/kumahq/kuma/pull/7770) @slonka +* feat(store): added postgres index for owner columns [#7625](https://github.com/kumahq/kuma/pull/7625) @lukidzi +* feat(store): allow ResourceStore to be customized [#7743](https://github.com/kumahq/kuma/pull/7743) @bartsmykla +* feat(store): conflict metrics [#7753](https://github.com/kumahq/kuma/pull/7753) @jakubdyszkiewicz +* feat(store): consistent gets for read replica [#7923](https://github.com/kumahq/kuma/pull/7923) @jakubdyszkiewicz +* feat(store): support postgres reader replica [#7763](https://github.com/kumahq/kuma/pull/7763) @jakubdyszkiewicz +* feat(tenants): add extension points for sharding [#7502](https://github.com/kumahq/kuma/pull/7502) 
@jakubdyszkiewicz +* feat(transparent-proxy): add `--exclude-outbound-ports-for-uids` [#7588](https://github.com/kumahq/kuma/pull/7588) @lahabana +* feat(transparent-proxy): allow to wait for xtables lock and retry when installing tproxy fails [#7870](https://github.com/kumahq/kuma/pull/7870) @bartsmykla +* feat(xds): auto reachable services based on MeshTrafficPermission [#8125](https://github.com/kumahq/kuma/pull/8125) @jakubdyszkiewicz +* fix(MeshFaultInjection): include tags negation in header matching [#8043](https://github.com/kumahq/kuma/pull/8043) @bartsmykla +* fix(MeshGateway): ensure that duplicate listeners are not added when crossMesh is enabled on a listener and Routes specify hostnames [#8156](https://github.com/kumahq/kuma/pull/8156) @ttreptow +* fix(MeshTrafficPermission): support permissive mtls [#8171](https://github.com/kumahq/kuma/pull/8171) @jakubdyszkiewicz +* fix(TrafficRoute): use default value when choiceCount is 0 [#7938](https://github.com/kumahq/kuma/pull/7938) @lukidzi +* fix(api-server): 400 error on admin operations on not yet connected stream [#8039](https://github.com/kumahq/kuma/pull/8039) @slonka +* fix(api-server): always remove empty array in inspect gw api [#8209](https://github.com/kumahq/kuma/pull/8209) @lahabana +* fix(api-server): avoid panic when there no insight for entity [#8068](https://github.com/kumahq/kuma/pull/8068) @lahabana +* fix(api-server): dataplane overview pagination [#7803](https://github.com/kumahq/kuma/pull/7803) @jakubdyszkiewicz +* fix(api-server): empty list instead of null [#7780](https://github.com/kumahq/kuma/pull/7780) @jakubdyszkiewicz +* fix(api-server): improve HandleError to handle rest_errors.Error and fix Unauthenticated error handling [#7818](https://github.com/kumahq/kuma/pull/7818) @bartsmykla +* fix(api-server): improve error handling and return status [#7937](https://github.com/kumahq/kuma/pull/7937) @lahabana +* fix(core): better lifecycle when context is getting cancelled 
[#8268](https://github.com/kumahq/kuma/pull/8268) @lahabana +* fix(envoy): remove apple flag [#8314](https://github.com/kumahq/kuma/pull/8314) @lukidzi +* fix(gatewayapi): don't set RefNotPermitted for GAMMA routes [#7771](https://github.com/kumahq/kuma/pull/7771) @michaelbeaumont +* fix(gatewayapi): don't set listener ResolvedRefs based on routes ResolvedRefs [#7809](https://github.com/kumahq/kuma/pull/7809) @michaelbeaumont +* fix(helm): do not run webhooks on kube-system [#8157](https://github.com/kumahq/kuma/pull/8157) @lahabana +* fix(helm): make CNI configmap and serviceaccount support custom namespace [#7956](https://github.com/kumahq/kuma/pull/7956) @slavogiez +* fix(helm): use bitnami/kubectl image for helm hooks [#7656](https://github.com/kumahq/kuma/pull/7656) @lahabana +* fix(insights): have subscription gc also work for zoneEgress insights [#7954](https://github.com/kumahq/kuma/pull/7954) @lahabana +* fix(insights): improve ZoneInsight subscription management [#8153](https://github.com/kumahq/kuma/pull/8153) @michaelbeaumont +* fix(k8s): add namespace to `deleteObjectIfExist` in pod controller [#8063](https://github.com/kumahq/kuma/pull/8063) @slonka +* fix(k8s): don't temporarily remove all AvailableServices on ZoneIngress Pod reconciliations [#8301](https://github.com/kumahq/kuma/pull/8301) @slonka +* fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services [#8168](https://github.com/kumahq/kuma/pull/8168) @bartsmykla +* fix(kds): call CloseSend and exit a goroutine when sync fails to start [#7869](https://github.com/kumahq/kuma/pull/7869) @lukidzi +* fix(kds): delta delivery metric [#7793](https://github.com/kumahq/kuma/pull/7793) @jakubdyszkiewicz +* fix(kds): don't inc KdsGenerationErrors when context canceled [#7913](https://github.com/kumahq/kuma/pull/7913) @michaelbeaumont +* fix(kds): experimental watchdog concurrent map write [#7630](https://github.com/kumahq/kuma/pull/7630) @jakubdyszkiewicz +* fix(kds): set error 
when KDS clients fails in goroutine [#7725](https://github.com/kumahq/kuma/pull/7725) @lukidzi +* fix(kds): try returning unavailable on app context finish [#8050](https://github.com/kumahq/kuma/pull/8050) @slonka +* fix(kds): use deprecated method in otel [#8366](https://github.com/kumahq/kuma/pull/8366) @slonka +* fix(kuma-cni): support port exclusion for UIDs [#8319](https://github.com/kumahq/kuma/pull/8319) @lobkovilya +* fix(kuma-cp): change affinityTag field in MeshLoadBalancingStrategy t… [#8294](https://github.com/kumahq/kuma/pull/8294) @Automaat +* fix(kuma-cp): cleanup interval should be calculated based on "expirationTime" for hashCache [#8065](https://github.com/kumahq/kuma/pull/8065) @lobkovilya +* fix(kuma-cp): don't add `postStart` hook to builtin gateway even if `waitForDataplaneReady: true` [#7939](https://github.com/kumahq/kuma/pull/7939) @lobkovilya +* fix(kuma-cp): don't configure RBAC rules on Prometheus listener [#8172](https://github.com/kumahq/kuma/pull/8172) @lobkovilya +* fix(kuma-cp): fix Zone{In|E}gress sync when no mesh [#8129](https://github.com/kumahq/kuma/pull/8129) @bartsmykla +* fix(kuma-cp): meta validation compatible with Kubernetes naming rules [#7976](https://github.com/kumahq/kuma/pull/7976) @lobkovilya +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes [#7909](https://github.com/kumahq/kuma/pull/7909) @lobkovilya +* fix(kuma-cp): take proper context for resync [#7805](https://github.com/kumahq/kuma/pull/7805) @lukidzi +* fix(kuma-cp): use GetConsistent store when validating default mesh resources [#7949](https://github.com/kumahq/kuma/pull/7949) @lukidzi +* fix(kuma-cp): using policy name with "." 
causes hash to be inserted in the wrong place on the zone [#8240](https://github.com/kumahq/kuma/pull/8240) @lobkovilya +* fix(kuma-dp): advise user to check pod events when data plane rejected by webhooks [#8257](https://github.com/kumahq/kuma/pull/8257) @jijiechen +* fix(kuma-dp): fix build [#8282](https://github.com/kumahq/kuma/pull/8282) @Automaat +* fix(kuma-dp): fix incorrect dataplane name due to mangled env vars [#8199](https://github.com/kumahq/kuma/pull/8199) @bartsmykla +* fix(kumactl): add `--mesh` parameter to `inspect ` [#7696](https://github.com/kumahq/kuma/pull/7696) @lahabana +* fix(observability): add annotation to make observability while running CNI work [#8330](https://github.com/kumahq/kuma/pull/8330) @slonka +* fix(policy): improve targetRef name and tags validation [#7972](https://github.com/kumahq/kuma/pull/7972) @alparslanavci +* fix(store): fix passing logs to pglock [#8040](https://github.com/kumahq/kuma/pull/8040) @slonka +* fix(store): use customizer for postgres ro pool [#7769](https://github.com/kumahq/kuma/pull/7769) @jakubdyszkiewicz +* fix(transparent-proxy): fix --wait flags for iptables legacy [#8364](https://github.com/kumahq/kuma/pull/8364) @bartsmykla +* fix(xds): backwards compatibility on access logs paths [#7662](https://github.com/kumahq/kuma/pull/7662) @jakubdyszkiewicz +* fix(xds): use stable hashes for outbound cluster names [#8081](https://github.com/kumahq/kuma/pull/8081) @michaelbeaumont +* perf(insights): fetch dp overviews once [#7652](https://github.com/kumahq/kuma/pull/7652) @jakubdyszkiewicz +* perf(insights): fetch external services once [#7796](https://github.com/kumahq/kuma/pull/7796) @lukidzi +* perf(insights): refresh only changed [#7737](https://github.com/kumahq/kuma/pull/7737) @jakubdyszkiewicz +* perf(store): postgres transactions [#7995](https://github.com/kumahq/kuma/pull/7995) @jakubdyszkiewicz +* perf(xds): put the Gatewaylisteners in the Proxy [#8051](https://github.com/kumahq/kuma/pull/8051) 
@lahabana
+
+
+## 2.4.4
+> Released on 2023/11/06
+
+* chore(deps): security update [#8054](https://github.com/kumahq/kuma/pull/8054) [#8205](https://github.com/kumahq/kuma/pull/8205) @kumahq
+* fix(MeshTrafficPermission): support permissive mtls (backport of #8171) [#8176](https://github.com/kumahq/kuma/pull/8176) @kumahq
+* fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services (backport of #8168) [#8198](https://github.com/kumahq/kuma/pull/8198) @kumahq
+* fix(kuma-cp): fix ZoneIngress/ZoneEgress sync when no mesh (backport of #8129) [#8134](https://github.com/kumahq/kuma/pull/8134) @kumahq
+
+
+## 2.4.3
+> Released on 2023/10/11
+
+* chore(deps): bump envoy from 1.27.0 to 1.27.1 [#8025](https://github.com/kumahq/kuma/pull/8025) @lahabana
+* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8012](https://github.com/kumahq/kuma/pull/8012) @kumahq
+* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8032](https://github.com/kumahq/kuma/pull/8032) @michaelbeaumont
+
+
+## 2.3.3
+> Released on 2023/10/11
+
+* chore(deps): bump envoy from 1.26.4 to 1.26.5 [#8024](https://github.com/kumahq/kuma/pull/8024) @lahabana
+* chore(deps): bump go from 1.20.7 to 1.21.1 [#7825](https://github.com/kumahq/kuma/pull/7825) @kumahq
+* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8016](https://github.com/kumahq/kuma/pull/8016) @kumahq
+* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8033](https://github.com/kumahq/kuma/pull/8033) @michaelbeaumont
+* chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 [#7838](https://github.com/kumahq/kuma/pull/7838) [#7848](https://github.com/kumahq/kuma/pull/7848) @kumahq
+* chore(deps): security update [#7734](https://github.com/kumahq/kuma/pull/7734) @kumahq
+* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7529](https://github.com/kumahq/kuma/pull/7529) @kumahq
+* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7833](https://github.com/kumahq/kuma/pull/7833) @kumahq
+* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7927](https://github.com/kumahq/kuma/pull/7927) @kumahq
+* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7576](https://github.com/kumahq/kuma/pull/7576) @kumahq
+
+
+## 2.2.5
+> Released on 2023/10/11
+
+* chore(deps): bump envoy from 1.25.9 to 1.25.10 [#8026](https://github.com/kumahq/kuma/pull/8026) @lahabana
+* chore(deps): bump go from 1.20.7 to 1.21.1 [#7827](https://github.com/kumahq/kuma/pull/7827) @kumahq
+* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8013](https://github.com/kumahq/kuma/pull/8013) @kumahq
+* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8031](https://github.com/kumahq/kuma/pull/8031) @michaelbeaumont
+* chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 [#7842](https://github.com/kumahq/kuma/pull/7842) [#7844](https://github.com/kumahq/kuma/pull/7844) @kumahq
+* chore(deps): security update [#7718](https://github.com/kumahq/kuma/pull/7718) @kumahq
+* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7531](https://github.com/kumahq/kuma/pull/7531) @kumahq
+* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7832](https://github.com/kumahq/kuma/pull/7832) @kumahq
+* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7928](https://github.com/kumahq/kuma/pull/7928) @kumahq
+* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7579](https://github.com/kumahq/kuma/pull/7579) @kumahq
+
+
+## 2.1.7
+> Released on 2023/10/11
+
+* chore(deps): bump envoy from 1.24.10 to 1.24.11 [#8027](https://github.com/kumahq/kuma/pull/8027) @lahabana
+* chore(deps): bump go from 1.20.7 to 1.21.1 [#7829](https://github.com/kumahq/kuma/pull/7829) @kumahq
+* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8015](https://github.com/kumahq/kuma/pull/8015) @kumahq
+* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8030](https://github.com/kumahq/kuma/pull/8030) @michaelbeaumont
+* chore(deps): security update [#7716](https://github.com/kumahq/kuma/pull/7716) @kumahq
+* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7532](https://github.com/kumahq/kuma/pull/7532) @kumahq
+* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7830](https://github.com/kumahq/kuma/pull/7830) @kumahq
+* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7926](https://github.com/kumahq/kuma/pull/7926) @kumahq
+* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7577](https://github.com/kumahq/kuma/pull/7577) @kumahq
+
+
+## 2.0.8
+> Released on 2023/10/11
+
+* chore(deps): bump envoy from 1.24.10 to 1.24.11 [#8028](https://github.com/kumahq/kuma/pull/8028) @lahabana
+* chore(deps): bump go from 1.18 to 1.21.1 [#7533](https://github.com/kumahq/kuma/pull/7533) [#7828](https://github.com/kumahq/kuma/pull/7828) @kumahq,@michaelbeaumont
+* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8014](https://github.com/kumahq/kuma/pull/8014) @kumahq
+* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8029](https://github.com/kumahq/kuma/pull/8029) @michaelbeaumont
+* chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 [#7841](https://github.com/kumahq/kuma/pull/7841) [#7847](https://github.com/kumahq/kuma/pull/7847) @kumahq
+* chore(deps): security update [#7406](https://github.com/kumahq/kuma/pull/7406) [#7453](https://github.com/kumahq/kuma/pull/7453) [#7717](https://github.com/kumahq/kuma/pull/7717) @kumahq
+* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7528](https://github.com/kumahq/kuma/pull/7528) @kumahq
+* fix(containerd): only build cgroups on linux (backport of #7408) [#7423](https://github.com/kumahq/kuma/pull/7423) @kumahq
+* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7831](https://github.com/kumahq/kuma/pull/7831) @kumahq
+* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7930](https://github.com/kumahq/kuma/pull/7930) @kumahq
+* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7580](https://github.com/kumahq/kuma/pull/7580) @kumahq
+* fix(sec): get rid of dependency on containerd (backport of #7387) [#7389](https://github.com/kumahq/kuma/pull/7389) @kumahq
+
+
+## 2.4.2
+> Released on 2023/10/02
+
+* chore(deps): bump go from 1.20.7 to 1.21.1 [#7826](https://github.com/kumahq/kuma/pull/7826) @kumahq
+* chore(deps): security update [#7719](https://github.com/kumahq/kuma/pull/7719) @kumahq
+* feat(kds): add user-agent with useful version info (backport of #7886) [#7897](https://github.com/kumahq/kuma/pull/7897) @kumahq
+* feat(kds): better error handling (backport of #7868) [#7877](https://github.com/kumahq/kuma/pull/7877) @kumahq
+* feat(transparent-proxy): allow to wait for xtables lock and retry when installing tproxy fails (backport of #7870) [#7892](https://github.com/kumahq/kuma/pull/7892) @kumahq
+* fix(kds): call CloseSend and exit a goroutine when sync fails to start (backport of #7869) [#7883](https://github.com/kumahq/kuma/pull/7883) @kumahq
+* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7834](https://github.com/kumahq/kuma/pull/7834) @kumahq
+* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7929](https://github.com/kumahq/kuma/pull/7929) @kumahq
+
+
+## 2.4.1
+> Released on 2023/09/07
+
+* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.1 [#7680](https://github.com/kumahq/kuma/pull/7680) @kumahq
+* chore(deps): 
bump sigs.k8s.io/gateway-api from 0.8.0-rc1 to 0.8.0 [#7664](https://github.com/kumahq/kuma/pull/7664) @kumahq +* chore(deps): bump the go-opentelemetry-io-contrib group with 2 updates (backport of #7613) [#7678](https://github.com/kumahq/kuma/pull/7678) @kumahq +* chore(deps): bump the go-opentelemetry-io-otel group with 2 updates (backport of #7607) [#7670](https://github.com/kumahq/kuma/pull/7670) @kumahq +* chore(deps): bump the k8s-libs group with 3 updates (backport of #7606) [#7688](https://github.com/kumahq/kuma/pull/7688) @kumahq +* fix(kumactl): add `--mesh` parameter to `inspect ` (backport of #7696) [#7703](https://github.com/kumahq/kuma/pull/7703) @kumahq +* fix(xds): backwards compatibility on access logs paths (backport of #7662) [#7694](https://github.com/kumahq/kuma/pull/7694) @kumahq + + +## 2.4.0 +> Released on 2023/08/28 + +* chore(deps): bump CoreDNS from v1.10.1 to v1.11.1 [#7493](https://github.com/kumahq/kuma/pull/7493) [#7523](https://github.com/kumahq/kuma/pull/7523) @michaelbeaumont +* chore(deps): bump cirello.io/pglock from 1.13.0 to 1.14.0 [#7554](https://github.com/kumahq/kuma/pull/7554) @dependabot +* chore(deps): bump debian from `3d868b5` to `b91baba` [#7403](https://github.com/kumahq/kuma/pull/7403) [#7547](https://github.com/kumahq/kuma/pull/7547) @dependabot +* chore(deps): bump envoy to 1.26.3 [#7267](https://github.com/kumahq/kuma/pull/7267) @lukidzi +* chore(deps): bump github.com/cilium/ebpf from 0.10.0 to 0.11.0 [#7205](https://github.com/kumahq/kuma/pull/7205) @dependabot +* chore(deps): bump github.com/emicklei/go-restful/v3 from 3.10.2 to 3.11.0 [#7552](https://github.com/kumahq/kuma/pull/7552) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.1 to 1.0.2 [#7159](https://github.com/kumahq/kuma/pull/7159) @dependabot +* chore(deps): bump github.com/exaring/otelpgx from 0.5.0 to 0.5.1 [#7337](https://github.com/kumahq/kuma/pull/7337) @dependabot +* chore(deps): bump github.com/jackc/pgx/v5 
from 5.4.1 to 5.4.3 [#7273](https://github.com/kumahq/kuma/pull/7273) [#7474](https://github.com/kumahq/kuma/pull/7474) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.10 [#7336](https://github.com/kumahq/kuma/pull/7336) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.20.1 to 0.23.0 [#7122](https://github.com/kumahq/kuma/pull/7122) [#7514](https://github.com/kumahq/kuma/pull/7514) @dependabot +* chore(deps): bump go.opentelemetry.io/proto/otlp from 0.20.0 to 1.0.0 [#7272](https://github.com/kumahq/kuma/pull/7272) @dependabot +* chore(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 [#7472](https://github.com/kumahq/kuma/pull/7472) @dependabot +* chore(deps): bump golang.org/x/net from 0.11.0 to 0.14.0 [#7206](https://github.com/kumahq/kuma/pull/7206) [#7475](https://github.com/kumahq/kuma/pull/7475) @dependabot +* chore(deps): bump golang.org/x/sys from 0.9.0 to 0.11.0 [#7204](https://github.com/kumahq/kuma/pull/7204) [#7471](https://github.com/kumahq/kuma/pull/7471) @dependabot +* chore(deps): bump golang.org/x/text from 0.10.0 to 0.12.0 [#7203](https://github.com/kumahq/kuma/pull/7203) [#7476](https://github.com/kumahq/kuma/pull/7476) @dependabot +* chore(deps): bump golangci-lint from v1.51.2 to v1.53.3 [#7334](https://github.com/kumahq/kuma/pull/7334) @lahabana +* chore(deps): bump gonum.org/v1/gonum from 0.13.0 to 0.14.0 [#7553](https://github.com/kumahq/kuma/pull/7553) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.57.0 [#7123](https://github.com/kumahq/kuma/pull/7123) [#7202](https://github.com/kumahq/kuma/pull/7202) [#7373](https://github.com/kumahq/kuma/pull/7373) @dependabot +* chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 [#7124](https://github.com/kumahq/kuma/pull/7124) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.12.1 to 3.12.3 [#7270](https://github.com/kumahq/kuma/pull/7270) [#7515](https://github.com/kumahq/kuma/pull/7515) 
@dependabot +* chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.3 to 0.27.4 [#7372](https://github.com/kumahq/kuma/pull/7372) @michaelbeaumont +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.15.1 [#7470](https://github.com/kumahq/kuma/pull/7470) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.12.0 to 0.13.0 [#7271](https://github.com/kumahq/kuma/pull/7271) [#7550](https://github.com/kumahq/kuma/pull/7550) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api from 0.7.1-0.20230727082008-1764e458047d to 0.8.0-rc1 [#7371](https://github.com/kumahq/kuma/pull/7371) [#7513](https://github.com/kumahq/kuma/pull/7513) @dependabot,@michaelbeaumont +* chore(deps): bump the k8s-libs group with 3 updates [#7335](https://github.com/kumahq/kuma/pull/7335) [#7549](https://github.com/kumahq/kuma/pull/7549) @dependabot +* chore(deps): bump ubuntu from `0bced47` to `ec050c3` [#7546](https://github.com/kumahq/kuma/pull/7546) @dependabot +* chore(deps): update go from 1.20.5 to 1.20.6 [#7414](https://github.com/kumahq/kuma/pull/7414) @slonka +* chore(deps): update testcontainers-go to 0.22.0 [#7477](https://github.com/kumahq/kuma/pull/7477) @slonka +* chore(deps): update to go 1.20.7 [#7429](https://github.com/kumahq/kuma/pull/7429) @slonka +* chore(deps): upgrade envoy to 1.26.4 [#7367](https://github.com/kumahq/kuma/pull/7367) @lukidzi +* chore(deps): upgrade envoy to 1.27.0 [#7411](https://github.com/kumahq/kuma/pull/7411) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#7095](https://github.com/kumahq/kuma/pull/7095) [#7096](https://github.com/kumahq/kuma/pull/7096) [#7097](https://github.com/kumahq/kuma/pull/7097) [#7100](https://github.com/kumahq/kuma/pull/7100) [#7113](https://github.com/kumahq/kuma/pull/7113) [#7127](https://github.com/kumahq/kuma/pull/7127) [#7128](https://github.com/kumahq/kuma/pull/7128) [#7156](https://github.com/kumahq/kuma/pull/7156) [#7169](https://github.com/kumahq/kuma/pull/7169) 
[#7171](https://github.com/kumahq/kuma/pull/7171) [#7193](https://github.com/kumahq/kuma/pull/7193) [#7219](https://github.com/kumahq/kuma/pull/7219) [#7255](https://github.com/kumahq/kuma/pull/7255) [#7260](https://github.com/kumahq/kuma/pull/7260) [#7261](https://github.com/kumahq/kuma/pull/7261) [#7274](https://github.com/kumahq/kuma/pull/7274) [#7279](https://github.com/kumahq/kuma/pull/7279) [#7284](https://github.com/kumahq/kuma/pull/7284) [#7305](https://github.com/kumahq/kuma/pull/7305) [#7308](https://github.com/kumahq/kuma/pull/7308) [#7320](https://github.com/kumahq/kuma/pull/7320) [#7322](https://github.com/kumahq/kuma/pull/7322) [#7328](https://github.com/kumahq/kuma/pull/7328) [#7331](https://github.com/kumahq/kuma/pull/7331) [#7340](https://github.com/kumahq/kuma/pull/7340) [#7341](https://github.com/kumahq/kuma/pull/7341) [#7343](https://github.com/kumahq/kuma/pull/7343) [#7345](https://github.com/kumahq/kuma/pull/7345) [#7350](https://github.com/kumahq/kuma/pull/7350) [#7357](https://github.com/kumahq/kuma/pull/7357) [#7369](https://github.com/kumahq/kuma/pull/7369) [#7370](https://github.com/kumahq/kuma/pull/7370) [#7376](https://github.com/kumahq/kuma/pull/7376) [#7378](https://github.com/kumahq/kuma/pull/7378) [#7379](https://github.com/kumahq/kuma/pull/7379) [#7385](https://github.com/kumahq/kuma/pull/7385) [#7388](https://github.com/kumahq/kuma/pull/7388) [#7413](https://github.com/kumahq/kuma/pull/7413) [#7421](https://github.com/kumahq/kuma/pull/7421) [#7430](https://github.com/kumahq/kuma/pull/7430) [#7444](https://github.com/kumahq/kuma/pull/7444) [#7478](https://github.com/kumahq/kuma/pull/7478) [#7479](https://github.com/kumahq/kuma/pull/7479) [#7480](https://github.com/kumahq/kuma/pull/7480) [#7481](https://github.com/kumahq/kuma/pull/7481) [#7482](https://github.com/kumahq/kuma/pull/7482) [#7487](https://github.com/kumahq/kuma/pull/7487) [#7498](https://github.com/kumahq/kuma/pull/7498) [#7499](https://github.com/kumahq/kuma/pull/7499) 
[#7503](https://github.com/kumahq/kuma/pull/7503) [#7509](https://github.com/kumahq/kuma/pull/7509) [#7510](https://github.com/kumahq/kuma/pull/7510) [#7511](https://github.com/kumahq/kuma/pull/7511) [#7517](https://github.com/kumahq/kuma/pull/7517) [#7518](https://github.com/kumahq/kuma/pull/7518) [#7522](https://github.com/kumahq/kuma/pull/7522) [#7524](https://github.com/kumahq/kuma/pull/7524) [#7537](https://github.com/kumahq/kuma/pull/7537) [#7538](https://github.com/kumahq/kuma/pull/7538) [#7548](https://github.com/kumahq/kuma/pull/7548) [#7557](https://github.com/kumahq/kuma/pull/7557) [#7566](https://github.com/kumahq/kuma/pull/7566) [#7568](https://github.com/kumahq/kuma/pull/7568) [#7569](https://github.com/kumahq/kuma/pull/7569) [#7571](https://github.com/kumahq/kuma/pull/7571) [#7575](https://github.com/kumahq/kuma/pull/7575) [#7581](https://github.com/kumahq/kuma/pull/7581) [#7582](https://github.com/kumahq/kuma/pull/7582) [#7584](https://github.com/kumahq/kuma/pull/7584) @kumahq +* chore(release): merge release-2.3 [#7099](https://github.com/kumahq/kuma/pull/7099) @michaelbeaumont +* feat(MeshHealthCheck): allow top level targetRef kind MeshGateway [#7194](https://github.com/kumahq/kuma/pull/7194) @michaelbeaumont +* feat(MeshRetry): allow top level targetRef kind MeshGateway [#7190](https://github.com/kumahq/kuma/pull/7190) @michaelbeaumont +* feat(MeshTimeout): allow top level targetRef.kind MeshGateway [#7137](https://github.com/kumahq/kuma/pull/7137) @michaelbeaumont +* feat(VirtualOutbound): support multizone [#7407](https://github.com/kumahq/kuma/pull/7407) @jakubdyszkiewicz +* feat(api-server): add isTargetRefBased in /policies [#7561](https://github.com/kumahq/kuma/pull/7561) @lahabana +* feat(api-server): add service unavailable error [#7501](https://github.com/kumahq/kuma/pull/7501) @slonka +* feat(api-server): allow WebService customization in plugins [#7497](https://github.com/kumahq/kuma/pull/7497) @michaelbeaumont +* feat(api-server): 
error status is an int [#7162](https://github.com/kumahq/kuma/pull/7162) @jakubdyszkiewicz +* feat(cni): add retry for CNI config file check [#7215](https://github.com/kumahq/kuma/pull/7215) @StuAtKong +* feat(insights): add event to trigger computation [#7506](https://github.com/kumahq/kuma/pull/7506) @jakubdyszkiewicz +* feat(insights): change metrics to milliseconds [#7491](https://github.com/kumahq/kuma/pull/7491) @jakubdyszkiewicz +* feat(k8s): show `targetRef` `kind`/`name` in kubectl output [#7116](https://github.com/kumahq/kuma/pull/7116) @michaelbeaumont +* feat(kuma-cp): add 'renewDeadline' and 'leaseDuration' config params [#7448](https://github.com/kumahq/kuma/pull/7448) @lobkovilya +* feat(kuma-cp): add info about presence of auth token in zoneInsight [#7598](https://github.com/kumahq/kuma/pull/7598) @Automaat +* feat(kuma-cp): add observability to k8s auth cache [#7192](https://github.com/kumahq/kuma/pull/7192) @jakubdyszkiewicz +* feat(kuma-cp): add opentelemetry traces to pgx [#7216](https://github.com/kumahq/kuma/pull/7216) @michaelbeaumont +* feat(kuma-cp): add tracing to KDS server [#7160](https://github.com/kumahq/kuma/pull/7160) @michaelbeaumont +* feat(kuma-cp): allow to disable resources count metrics [#7304](https://github.com/kumahq/kuma/pull/7304) @lukidzi +* feat(kuma-cp): better xds metrics [#7208](https://github.com/kumahq/kuma/pull/7208) @jakubdyszkiewicz +* feat(kuma-cp): block application container start until dp is ready [#7583](https://github.com/kumahq/kuma/pull/7583) @lukidzi +* feat(kuma-cp): extend ZoneInsight api with information about usage of… [#7563](https://github.com/kumahq/kuma/pull/7563) @Automaat +* feat(kuma-cp): force routing through zone egress [#7558](https://github.com/kumahq/kuma/pull/7558) @jakubdyszkiewicz +* feat(kuma-cp): implement TLS listener for prometheus [#7534](https://github.com/kumahq/kuma/pull/7534) @lukidzi +* feat(kuma-cp): introduce OpenTelemetry tracing 
[#7153](https://github.com/kumahq/kuma/pull/7153) @michaelbeaumont +* feat(kuma-cp): support Datadog propagation for tracing [#7168](https://github.com/kumahq/kuma/pull/7168) @michaelbeaumont +* feat(kuma-dp): don't require NET_BIND_SERVICE capability [#7276](https://github.com/kumahq/kuma/pull/7276) @michaelbeaumont +* feat(kumactl): define User-Agent [#7307](https://github.com/kumahq/kuma/pull/7307) @mmorel-35 +* feat(metrics): expose kube controller manager metrics [#7158](https://github.com/kumahq/kuma/pull/7158) @jakubdyszkiewicz +* feat(metrics): support OpenMetrics from applications [#7125](https://github.com/kumahq/kuma/pull/7125) @AyushSenapati +* feat(observability): add traceId in error messages [#7329](https://github.com/kumahq/kuma/pull/7329) @lahabana +* feat(observability): components metrics [#7209](https://github.com/kumahq/kuma/pull/7209) @jakubdyszkiewicz +* feat(policy): add `targetRef.kind` `MeshGateway` [#7114](https://github.com/kumahq/kuma/pull/7114) @michaelbeaumont +* feat(watchdog): don't call onError if error was Canceled [#7401](https://github.com/kumahq/kuma/pull/7401) @michaelbeaumont +* feat(xds): filter-chain builder constructor require name [#7131](https://github.com/kumahq/kuma/pull/7131) @mmorel-35 +* feat(xds): named resources (clusters) builders require name [#7104](https://github.com/kumahq/kuma/pull/7104) @mmorel-35 +* feat(xds): named resources (listeners) builders require name [#7105](https://github.com/kumahq/kuma/pull/7105) @mmorel-35 +* feat(xds): named resources (routes configuration) builders require name [#7106](https://github.com/kumahq/kuma/pull/7106) @mmorel-35 +* feat(zoneproxies): check empty listeners [#7562](https://github.com/kumahq/kuma/pull/7562) @jakubdyszkiewicz +* fix(MeshTrafficPermission): use serviceName instead of resource name for egress MTP [#7225](https://github.com/kumahq/kuma/pull/7225) @lukidzi +* fix(api-server): return 400 when PUT/POST resource is invalid 
[#7560](https://github.com/kumahq/kuma/pull/7560) @lahabana +* fix(containerd): only build cgroups on linux [#7408](https://github.com/kumahq/kuma/pull/7408) @slonka +* fix(dataplane_watchdog): fix outdated comment [#7565](https://github.com/kumahq/kuma/pull/7565) @nicoche +* fix(egress): routing using MeshHTTPRoute and VirtualOutbound [#7536](https://github.com/kumahq/kuma/pull/7536) @jakubdyszkiewicz +* fix(insights): rewrite insights to allow more efficiency [#7375](https://github.com/kumahq/kuma/pull/7375) @lahabana +* fix(intercp): properly track idleness of pool connections [#7323](https://github.com/kumahq/kuma/pull/7323) @michaelbeaumont +* fix(k8s): tolerate unknown `appProtocol` [#7133](https://github.com/kumahq/kuma/pull/7133) @michaelbeaumont +* fix(kuma-cp): cancel OnTick when watchdog stopped [#7221](https://github.com/kumahq/kuma/pull/7221) @michaelbeaumont +* fix(kuma-cp): do not require certs on https api port [#7102](https://github.com/kumahq/kuma/pull/7102) @jakubdyszkiewicz +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service [#7282](https://github.com/kumahq/kuma/pull/7282) @lukidzi +* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog [#7348](https://github.com/kumahq/kuma/pull/7348) @lukidzi +* fix(kuma-cp): don't return from opentelemetry Start [#7157](https://github.com/kumahq/kuma/pull/7157) @michaelbeaumont +* fix(kuma-cp): handle advertised address in zone ingress [#7332](https://github.com/kumahq/kuma/pull/7332) @jakubdyszkiewicz +* fix(kuma-cp): handle external services with permissive mtls [#7179](https://github.com/kumahq/kuma/pull/7179) @jakubdyszkiewicz +* fix(kuma-cp): order resources for building VIPs [#7333](https://github.com/kumahq/kuma/pull/7333) @lukidzi +* fix(kuma-cp): pass context via snapshot reconciler to generateCerts [#7231](https://github.com/kumahq/kuma/pull/7231) @michaelbeaumont +* fix(kuma-cp): put metadata xds callbacks before sync 
[#7230](https://github.com/kumahq/kuma/pull/7230) @lobkovilya +* fix(kuma-cp): universal mode don't log on every lock acquire attempt [#7593](https://github.com/kumahq/kuma/pull/7593) @michaelbeaumont +* fix(kuma-dp): pass sockets in metadata from dp to cp [#7218](https://github.com/kumahq/kuma/pull/7218) @lahabana +* fix(kumactl): treat 404 as resource not found error [#7297](https://github.com/kumahq/kuma/pull/7297) @slonka +* fix(metrics): hijacker should not pass accept-encoding [#7572](https://github.com/kumahq/kuma/pull/7572) @jakubdyszkiewicz +* fix(sec): get rid of dependency on containerd [#7387](https://github.com/kumahq/kuma/pull/7387) @slonka +* perf(kuma-cp): trim zone ingress and service insights [#7098](https://github.com/kumahq/kuma/pull/7098) @jakubdyszkiewicz +* perf(xds): use aggregated mesh context for zone proxies [#7449](https://github.com/kumahq/kuma/pull/7449) @jakubdyszkiewicz +* perf(zoneingress): only pick resources from proper mesh [#7415](https://github.com/kumahq/kuma/pull/7415) @jakubdyszkiewicz + + +## 2.1.6 +> Released on 2023/08/09 + +* chore(deps): bump go from 1.18 to 1.20.7 [#7446](https://github.com/kumahq/kuma/pull/7446) [#7489](https://github.com/kumahq/kuma/pull/7489) @michaelbeaumont +* chore(deps): security update [#7405](https://github.com/kumahq/kuma/pull/7405) [#7442](https://github.com/kumahq/kuma/pull/7442) @kumahq +* fix(sec): get rid of dependency on containerd (backport of #7387) [#7390](https://github.com/kumahq/kuma/pull/7390) @kumahq + + +## 2.2.4 +> Released on 2023/08/04 + +* chore(deps): security update [#7454](https://github.com/kumahq/kuma/pull/7454) @kumahq +* chore(deps): update go from 1.20.5 to 1.20.6 (backport of #7414) [#7417](https://github.com/kumahq/kuma/pull/7417) @kumahq +* chore(deps): update to go 1.20.7 (backport of #7429) [#7432](https://github.com/kumahq/kuma/pull/7432) @kumahq +* chore(deps): upgrade envoy to 1.25.9 [#7366](https://github.com/kumahq/kuma/pull/7366) @lukidzi +* 
fix(containerd): only build cgroups on linux (backport of #7408) [#7422](https://github.com/kumahq/kuma/pull/7422) @kumahq
+* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog (backport of #7348) [#7355](https://github.com/kumahq/kuma/pull/7355) @kumahq
+* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7362](https://github.com/kumahq/kuma/pull/7362) @kumahq
+* fix(sec): get rid of dependency on containerd (backport of #7387) [#7391](https://github.com/kumahq/kuma/pull/7391) @kumahq
+
+
+## 2.3.2
+> Released on 2023/08/03
+
+* chore(deps): security update [#7443](https://github.com/kumahq/kuma/pull/7443) @kumahq
+* chore(deps): update go from 1.20.5 to 1.20.6 (backport of #7414) [#7419](https://github.com/kumahq/kuma/pull/7419) @kumahq
+* chore(deps): update to go 1.20.7 (backport of #7429) [#7435](https://github.com/kumahq/kuma/pull/7435) @kumahq
+* chore(deps): upgrade envoy to 1.26.4 [#7368](https://github.com/kumahq/kuma/pull/7368) @lukidzi
+* fix(containerd): only build cgroups on linux (backport of #7408) [#7425](https://github.com/kumahq/kuma/pull/7425) @kumahq
+* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog (backport of #7348) [#7351](https://github.com/kumahq/kuma/pull/7351) @kumahq
+* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7359](https://github.com/kumahq/kuma/pull/7359) @kumahq
+* fix(sec): get rid of dependency on containerd (backport of #7387) [#7392](https://github.com/kumahq/kuma/pull/7392) @kumahq
+
+
+## 2.1.5
+> Released on 2023/07/27
+
+* chore(deps): upgrade envoy to 1.24.10 [#7363](https://github.com/kumahq/kuma/pull/7363) @lukidzi
+* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog (backport of #7348) [#7352](https://github.com/kumahq/kuma/pull/7352) @kumahq
+* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7361](https://github.com/kumahq/kuma/pull/7361) @kumahq
+
+
+## 2.0.7
+> Released on 2023/07/27
+
+* 
chore(deps): upgrade envoy to 1.24.10 [#7364](https://github.com/kumahq/kuma/pull/7364) @lukidzi
+* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7358](https://github.com/kumahq/kuma/pull/7358) @kumahq
+
+
+## 1.8.8
+> Released on 2023/07/27
+
+* chore(deps): upgrade envoy to 1.24.10 [#7365](https://github.com/kumahq/kuma/pull/7365) @lukidzi
+* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7360](https://github.com/kumahq/kuma/pull/7360) @kumahq
+
+## 2.3.1
+> Released on 2023/07/21
+
+* chore(deps): bump envoy to 1.26.3 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7266](https://github.com/kumahq/kuma/pull/7266) @lukidzi
+* chore(deps): use latest kumahq/kuma-gui [#7096](https://github.com/kumahq/kuma/pull/7096) @kumahq
+* fix(MeshTrafficPermission): use serviceName instead of resource name for egress MTP (backport of #7225) [#7233](https://github.com/kumahq/kuma/pull/7233) @kumahq
+* fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) [#7241](https://github.com/kumahq/kuma/pull/7241) @kumahq
+* fix(kuma-cp): do not require certs on https api port (backport of #7102) [#7111](https://github.com/kumahq/kuma/pull/7111) @kumahq
+* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7295](https://github.com/kumahq/kuma/pull/7295) @kumahq
+* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7187](https://github.com/kumahq/kuma/pull/7187) @kumahq
+* fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) [#7250](https://github.com/kumahq/kuma/pull/7250) @kumahq
+* fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) [#7244](https://github.com/kumahq/kuma/pull/7244) @kumahq
+* fix(kumactl): treat 404 as resource not found error (backport of #7297) [#7303](https://github.com/kumahq/kuma/pull/7303) @kumahq
+
+
+## 2.2.3 
+> Released on 2023/07/21
+
+* chore(deps): bump envoy to 1.25.8 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7265](https://github.com/kumahq/kuma/pull/7265) @lukidzi
+* fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) [#7242](https://github.com/kumahq/kuma/pull/7242) @kumahq
+* fix(kuma-cp): do not require certs on https api port (backport of #7102) [#7110](https://github.com/kumahq/kuma/pull/7110) @kumahq
+* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7291](https://github.com/kumahq/kuma/pull/7291) @kumahq
+* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7185](https://github.com/kumahq/kuma/pull/7185) @kumahq
+* fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) [#7254](https://github.com/kumahq/kuma/pull/7254) @kumahq
+* fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) [#7245](https://github.com/kumahq/kuma/pull/7245) @kumahq
+
+
+## 2.1.4
+> Released on 2023/07/19
+
+* chore(deps): bump envoy to 1.24.9 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7264](https://github.com/kumahq/kuma/pull/7264) @lukidzi
+* fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) [#7240](https://github.com/kumahq/kuma/pull/7240) @kumahq
+* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7294](https://github.com/kumahq/kuma/pull/7294) @kumahq
+* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7188](https://github.com/kumahq/kuma/pull/7188) @kumahq
+* fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) [#7251](https://github.com/kumahq/kuma/pull/7251) @kumahq
+* fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) 
[#7247](https://github.com/kumahq/kuma/pull/7247) @kumahq
+
+
+## 2.0.6
+> Released on 2023/07/19
+
+* chore(deps): bump envoy to 1.24.9 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7263](https://github.com/kumahq/kuma/pull/7263) @lukidzi
+* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7293](https://github.com/kumahq/kuma/pull/7293) @kumahq
+* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7186](https://github.com/kumahq/kuma/pull/7186) @kumahq
+
+
+## 1.8.7
+> Released on 2023/07/19
+
+* chore(deps): bump envoy to 1.24.9 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7262](https://github.com/kumahq/kuma/pull/7262) @lukidzi
+* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7292](https://github.com/kumahq/kuma/pull/7292) @kumahq
+
+
+## 2.3.0
+> Released on 2023/06/22
+
+* chore(deps): bump Envoy from v1.25.4 to v1.26.2 [#6638](https://github.com/kumahq/kuma/pull/6638) [#6938](https://github.com/kumahq/kuma/pull/6938) @lukidzi,@michaelbeaumont
+* chore(deps): bump cirello.io/pglock from 1.11.0 to 1.13.0 [#6817](https://github.com/kumahq/kuma/pull/6817) [#6927](https://github.com/kumahq/kuma/pull/6927) @dependabot
+* chore(deps): bump controller-runtime from v0.14.6 to v0.15.0 [#6809](https://github.com/kumahq/kuma/pull/6809) [#6832](https://github.com/kumahq/kuma/pull/6832) @dependabot,@michaelbeaumont
+* chore(deps): bump gateway-api from v0.7.0 to c9540a9cf448 [#6614](https://github.com/kumahq/kuma/pull/6614) [#6674](https://github.com/kumahq/kuma/pull/6674) [#6735](https://github.com/kumahq/kuma/pull/6735) [#6771](https://github.com/kumahq/kuma/pull/6771) [#6840](https://github.com/kumahq/kuma/pull/6840) [#6912](https://github.com/kumahq/kuma/pull/6912) [#7020](https://github.com/kumahq/kuma/pull/7020) 
@dependabot,@michaelbeaumont +* chore(deps): bump github.com/containernetworking/plugins from 1.2.0 to 1.3.0 [#6738](https://github.com/kumahq/kuma/pull/6738) @dependabot +* chore(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible [#6751](https://github.com/kumahq/kuma/pull/6751) @dependabot +* chore(deps): bump github.com/envoyproxy/go-control-plane from 0.11.0 to 0.11.1 [#6866](https://github.com/kumahq/kuma/pull/6866) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.10.1 to 1.0.1 [#6617](https://github.com/kumahq/kuma/pull/6617) [#6737](https://github.com/kumahq/kuma/pull/6737) @dependabot +* chore(deps): bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 [#6742](https://github.com/kumahq/kuma/pull/6742) @dependabot +* chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.15.2 to 4.16.2 [#6864](https://github.com/kumahq/kuma/pull/6864) [#6928](https://github.com/kumahq/kuma/pull/6928) [#7000](https://github.com/kumahq/kuma/pull/7000) @dependabot +* chore(deps): bump github.com/lib/pq from 1.10.7 to 1.10.9 [#6554](https://github.com/kumahq/kuma/pull/6554) [#6650](https://github.com/kumahq/kuma/pull/6650) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.53 to 1.1.54 [#6651](https://github.com/kumahq/kuma/pull/6651) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.10.0 [#6689](https://github.com/kumahq/kuma/pull/6689) [#6768](https://github.com/kumahq/kuma/pull/6768) [#6925](https://github.com/kumahq/kuma/pull/6925) [#7002](https://github.com/kumahq/kuma/pull/7002) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.8 [#6818](https://github.com/kumahq/kuma/pull/6818) [#7001](https://github.com/kumahq/kuma/pull/7001) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.14.0 to 1.15.1 [#6555](https://github.com/kumahq/kuma/pull/6555) [#6692](https://github.com/kumahq/kuma/pull/6692) @dependabot +* 
chore(deps): bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 [#6691](https://github.com/kumahq/kuma/pull/6691) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.42.0 to 0.44.0 [#6690](https://github.com/kumahq/kuma/pull/6690) [#6814](https://github.com/kumahq/kuma/pull/6814) @dependabot +* chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 [#6926](https://github.com/kumahq/kuma/pull/6926) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.4 to 2.1.6 [#6867](https://github.com/kumahq/kuma/pull/6867) [#7003](https://github.com/kumahq/kuma/pull/7003) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.18.0 to 0.20.1 [#6708](https://github.com/kumahq/kuma/pull/6708) [#6736](https://github.com/kumahq/kuma/pull/6736) @dependabot +* chore(deps): bump go.opentelemetry.io/proto/otlp from 0.19.0 to 0.20.0 [#7004](https://github.com/kumahq/kuma/pull/7004) @dependabot +* chore(deps): bump golang from 1.20.4 to 1.20.5 [#6587](https://github.com/kumahq/kuma/pull/6587) [#6828](https://github.com/kumahq/kuma/pull/6828) [#6959](https://github.com/kumahq/kuma/pull/6959) @lahabana,@lukidzi +* chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 [#6712](https://github.com/kumahq/kuma/pull/6712) @dependabot +* chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 [#6693](https://github.com/kumahq/kuma/pull/6693) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 [#6687](https://github.com/kumahq/kuma/pull/6687) @dependabot +* chore(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 [#6652](https://github.com/kumahq/kuma/pull/6652) @dependabot +* chore(deps): bump k8s.io/kubectl from 0.26.3 to 0.27.2 [#6813](https://github.com/kumahq/kuma/pull/6813) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.11.3 to 0.12.0 [#6586](https://github.com/kumahq/kuma/pull/6586) [#6688](https://github.com/kumahq/kuma/pull/6688) @dependabot +* chore(deps): use 
latest kumahq/kuma-gui [#6548](https://github.com/kumahq/kuma/pull/6548) [#6552](https://github.com/kumahq/kuma/pull/6552) [#6562](https://github.com/kumahq/kuma/pull/6562) [#6576](https://github.com/kumahq/kuma/pull/6576) [#6606](https://github.com/kumahq/kuma/pull/6606) [#6616](https://github.com/kumahq/kuma/pull/6616) [#6629](https://github.com/kumahq/kuma/pull/6629) [#6640](https://github.com/kumahq/kuma/pull/6640) [#6655](https://github.com/kumahq/kuma/pull/6655) [#6656](https://github.com/kumahq/kuma/pull/6656) [#6659](https://github.com/kumahq/kuma/pull/6659) [#6661](https://github.com/kumahq/kuma/pull/6661) [#6662](https://github.com/kumahq/kuma/pull/6662) [#6664](https://github.com/kumahq/kuma/pull/6664) [#6675](https://github.com/kumahq/kuma/pull/6675) [#6678](https://github.com/kumahq/kuma/pull/6678) [#6701](https://github.com/kumahq/kuma/pull/6701) [#6702](https://github.com/kumahq/kuma/pull/6702) [#6710](https://github.com/kumahq/kuma/pull/6710) [#6715](https://github.com/kumahq/kuma/pull/6715) [#6753](https://github.com/kumahq/kuma/pull/6753) [#6756](https://github.com/kumahq/kuma/pull/6756) [#6762](https://github.com/kumahq/kuma/pull/6762) [#6774](https://github.com/kumahq/kuma/pull/6774) [#6775](https://github.com/kumahq/kuma/pull/6775) [#6776](https://github.com/kumahq/kuma/pull/6776) [#6777](https://github.com/kumahq/kuma/pull/6777) [#6791](https://github.com/kumahq/kuma/pull/6791) [#6798](https://github.com/kumahq/kuma/pull/6798) [#6801](https://github.com/kumahq/kuma/pull/6801) [#6803](https://github.com/kumahq/kuma/pull/6803) [#6807](https://github.com/kumahq/kuma/pull/6807) [#6811](https://github.com/kumahq/kuma/pull/6811) [#6821](https://github.com/kumahq/kuma/pull/6821) [#6822](https://github.com/kumahq/kuma/pull/6822) [#6823](https://github.com/kumahq/kuma/pull/6823) [#6824](https://github.com/kumahq/kuma/pull/6824) [#6830](https://github.com/kumahq/kuma/pull/6830) [#6833](https://github.com/kumahq/kuma/pull/6833) 
[#6834](https://github.com/kumahq/kuma/pull/6834) [#6835](https://github.com/kumahq/kuma/pull/6835) [#6837](https://github.com/kumahq/kuma/pull/6837) [#6847](https://github.com/kumahq/kuma/pull/6847) [#6850](https://github.com/kumahq/kuma/pull/6850) [#6851](https://github.com/kumahq/kuma/pull/6851) [#6871](https://github.com/kumahq/kuma/pull/6871) [#6875](https://github.com/kumahq/kuma/pull/6875) [#6877](https://github.com/kumahq/kuma/pull/6877) [#6878](https://github.com/kumahq/kuma/pull/6878) [#6879](https://github.com/kumahq/kuma/pull/6879) [#6882](https://github.com/kumahq/kuma/pull/6882) [#6885](https://github.com/kumahq/kuma/pull/6885) [#6904](https://github.com/kumahq/kuma/pull/6904) [#6914](https://github.com/kumahq/kuma/pull/6914) [#6919](https://github.com/kumahq/kuma/pull/6919) [#6921](https://github.com/kumahq/kuma/pull/6921) [#6932](https://github.com/kumahq/kuma/pull/6932) [#6933](https://github.com/kumahq/kuma/pull/6933) [#6937](https://github.com/kumahq/kuma/pull/6937) [#6939](https://github.com/kumahq/kuma/pull/6939) [#6941](https://github.com/kumahq/kuma/pull/6941) [#6946](https://github.com/kumahq/kuma/pull/6946) [#6949](https://github.com/kumahq/kuma/pull/6949) [#6954](https://github.com/kumahq/kuma/pull/6954) [#6958](https://github.com/kumahq/kuma/pull/6958) [#6975](https://github.com/kumahq/kuma/pull/6975) [#6978](https://github.com/kumahq/kuma/pull/6978) [#6980](https://github.com/kumahq/kuma/pull/6980) [#6982](https://github.com/kumahq/kuma/pull/6982) [#6984](https://github.com/kumahq/kuma/pull/6984) [#6994](https://github.com/kumahq/kuma/pull/6994) [#6998](https://github.com/kumahq/kuma/pull/6998) [#7005](https://github.com/kumahq/kuma/pull/7005) [#7009](https://github.com/kumahq/kuma/pull/7009) [#7011](https://github.com/kumahq/kuma/pull/7011) [#7012](https://github.com/kumahq/kuma/pull/7012) [#7013](https://github.com/kumahq/kuma/pull/7013) [#7015](https://github.com/kumahq/kuma/pull/7015) [#7038](https://github.com/kumahq/kuma/pull/7038) 
[#7060](https://github.com/kumahq/kuma/pull/7060) [#7074](https://github.com/kumahq/kuma/pull/7074) [#7096](https://github.com/kumahq/kuma/pull/7096) @kumahq +* feat(MeshCircuitBreaker): support MeshGateways [#6706](https://github.com/kumahq/kuma/pull/6706) @michaelbeaumont +* feat(MeshGateway): add TLS passthrough listeners [#6922](https://github.com/kumahq/kuma/pull/6922) @michaelbeaumont +* feat(MeshGateway): support termination on TLS listeners [#6952](https://github.com/kumahq/kuma/pull/6952) @michaelbeaumont +* feat(MeshHealthCheck): support MeshGateway [#6743](https://github.com/kumahq/kuma/pull/6743) @michaelbeaumont +* feat(MeshLoadBalancingStrategy): add builtin gateway support [#6800](https://github.com/kumahq/kuma/pull/6800) @michaelbeaumont +* feat(MeshRetry): add host selection predicates [#6346](https://github.com/kumahq/kuma/pull/6346) @johnharris85 +* feat(api-server): add ability to get k8s format of a resource [#6673](https://github.com/kumahq/kuma/pull/6673) @lahabana +* feat(api-server): make errors compliant with aip 193 [#7017](https://github.com/kumahq/kuma/pull/7017) @lahabana +* feat(client): Consolidate HTTP Client [#6849](https://github.com/kumahq/kuma/pull/6849) @mmorel-35 +* feat(cni): k8s make namespace configurable [#6721](https://github.com/kumahq/kuma/pull/6721) @mmorel-35 +* feat(config): improve configurability [#6583](https://github.com/kumahq/kuma/pull/6583) @slonka +* feat(docker/kumactl): make entrypoint consistent with kuma-cp and kuma-dp images [#6596](https://github.com/kumahq/kuma/pull/6596) @bartsmykla +* feat(envoyadmin): support passing kds envoy operations via http proxy [#6915](https://github.com/kumahq/kuma/pull/6915) @jakubdyszkiewicz +* feat(helm): Add logOutputPath support to chart [#6649](https://github.com/kumahq/kuma/pull/6649) @ashman1984 +* feat(helm): add possibility to extend secrets for cp in helm charts when reusing kuma charts [#6883](https://github.com/kumahq/kuma/pull/6883) @Automaat +* feat(helm): 
enable NodePort customization [#6770](https://github.com/kumahq/kuma/pull/6770) @mmorel-35 +* feat(helm): remove hostNetwork: true from CNI DaemonSet [#6599](https://github.com/kumahq/kuma/pull/6599) @michaelbeaumont +* feat(helm): set readOnlyRootFilesystem on CNI, more explicit templates [#6604](https://github.com/kumahq/kuma/pull/6604) @michaelbeaumont +* feat(helm): validate zone name on install [#6739](https://github.com/kumahq/kuma/pull/6739) @mmorel-35 +* feat(insights): include tenant id in insights info key [#6804](https://github.com/kumahq/kuma/pull/6804) @jakubdyszkiewicz +* feat(insights): include tenant id in rate limitter key [#6808](https://github.com/kumahq/kuma/pull/6808) @jakubdyszkiewicz +* feat(intercp): pass tenant id [#6856](https://github.com/kumahq/kuma/pull/6856) @jakubdyszkiewicz +* feat(intercp): use global tenant for catalog request [#6863](https://github.com/kumahq/kuma/pull/6863) @jakubdyszkiewicz +* feat(k8s): add read-only root FS to sidecar [#6681](https://github.com/kumahq/kuma/pull/6681) @dascole +* feat(k8s): show `Dataplane` services in `kubectl` output [#6725](https://github.com/kumahq/kuma/pull/6725) @michaelbeaumont +* feat(kds): configurable server stream interceptors [#6697](https://github.com/kumahq/kuma/pull/6697) @jakubdyszkiewicz +* feat(kds): multitenancy [#6723](https://github.com/kumahq/kuma/pull/6723) @jakubdyszkiewicz +* feat(kds): opt-in insecure skip verify in zone cp client [#6991](https://github.com/kumahq/kuma/pull/6991) @jakubdyszkiewicz +* feat(kuma-cp): top-level MeshHTTPRoute targetRef for MeshTimeout [#7016](https://github.com/kumahq/kuma/pull/7016) @lobkovilya +* feat(kuma-cp): add possibility to configure concurrent reconciliation… [#7010](https://github.com/kumahq/kuma/pull/7010) @Automaat +* feat(kuma-cp): add possibility to configure kubernetes client qps and… [#6951](https://github.com/kumahq/kuma/pull/6951) @Automaat +* feat(kuma-cp): allow to override resource store plugin 
[#6887](https://github.com/kumahq/kuma/pull/6887) @jakubdyszkiewicz +* feat(kuma-cp): allow to specify protocol for globalZone sync service [#6842](https://github.com/kumahq/kuma/pull/6842) @lukidzi +* feat(kuma-cp): implement MeshTrafficPermisson for ExternalServices with ZoneEgress [#7061](https://github.com/kumahq/kuma/pull/7061) @lukidzi +* feat(kuma-cp): improve BuildRules algorithm [#6973](https://github.com/kumahq/kuma/pull/6973) @lobkovilya +* feat(kuma-cp): introduce tag first Virtual Outbound model [#7076](https://github.com/kumahq/kuma/pull/7076) @Automaat +* feat(kuma-cp): multitenancy adjustments [#6705](https://github.com/kumahq/kuma/pull/6705) @jakubdyszkiewicz +* feat(kuma-cp): multitenant counter metrics [#6707](https://github.com/kumahq/kuma/pull/6707) @jakubdyszkiewicz +* feat(kuma-cp): remove unnecessary reconciliation of pods on configmap… [#7014](https://github.com/kumahq/kuma/pull/7014) @Automaat +* feat(kuma-cp): support MeshHTTPRoute targetRef [#6983](https://github.com/kumahq/kuma/pull/6983) @lobkovilya +* feat(mesh): allow disabling default policy creation [#6481](https://github.com/kumahq/kuma/pull/6481) [#6931](https://github.com/kumahq/kuma/pull/6931) @johnharris85 +* feat(meshaccesslog): use "type" to express oneof [#6676](https://github.com/kumahq/kuma/pull/6676) @lobkovilya +* feat(meshtrace): use "type" to express oneof [#6679](https://github.com/kumahq/kuma/pull/6679) @lobkovilya +* feat(mtls): generate certificates for Address and AdvertisedAddress for Dataplane and Ingress [#6584](https://github.com/kumahq/kuma/pull/6584) @mmorel-35 +* feat(multitenancy): postgres events [#6799](https://github.com/kumahq/kuma/pull/6799) @jakubdyszkiewicz +* feat(policy): add MeshTCPRoute [#6806](https://github.com/kumahq/kuma/pull/6806) [#6873](https://github.com/kumahq/kuma/pull/6873) [#6888](https://github.com/kumahq/kuma/pull/6888) @bartsmykla +* feat(resources): retry upsert on resource already exist 
[#7022](https://github.com/kumahq/kuma/pull/7022) @jakubdyszkiewicz +* feat(tls): remove commonName in certificate generation [#6627](https://github.com/kumahq/kuma/pull/6627) @mmorel-35 +* feat(ui): add mode in the config in the index.html [#6942](https://github.com/kumahq/kuma/pull/6942) @lahabana +* feat(webhook): make init ordering configurable first/last [#7070](https://github.com/kumahq/kuma/pull/7070) @johnharris85 +* feat(webhook): warn/fail if containers use same UID as sidecar [#7042](https://github.com/kumahq/kuma/pull/7042) @johnharris85 +* fix(GatewayAPI): convert HTTP header names to lowercase [#6704](https://github.com/kumahq/kuma/pull/6704) @michaelbeaumont +* fix(GatewayAPI): don't panic if an HTTPRoute references a Gateway with a nonexistent GatewayClass [#6722](https://github.com/kumahq/kuma/pull/6722) @michaelbeaumont +* fix(GatewayAPI): don't share HTTPRoute conditions between parentRefs [#6537](https://github.com/kumahq/kuma/pull/6537) @michaelbeaumont +* fix(GatewayAPI): npe errors [#6852](https://github.com/kumahq/kuma/pull/6852) @michaelbeaumont +* fix(GatewayAPI): reconcile Gateways on Secret changes [#6754](https://github.com/kumahq/kuma/pull/6754) @michaelbeaumont +* fix(MeshGateway): don't strip ports from host [#6755](https://github.com/kumahq/kuma/pull/6755) @michaelbeaumont +* fix(MeshGateway): tweak route precedence to match Gateway API [#6843](https://github.com/kumahq/kuma/pull/6843) @michaelbeaumont +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service [#7069](https://github.com/kumahq/kuma/pull/7069) @michaelbeaumont +* fix(MeshHTTPRoute): assume default catch all path (any path starting with "/") in route match when not explicitly set [#6993](https://github.com/kumahq/kuma/pull/6993) @bartsmykla +* fix(MeshHTTPRoute): only configure HTTP outbounds or with an explicit matching rule [#6876](https://github.com/kumahq/kuma/pull/6876) @michaelbeaumont +* fix(MeshHTTPRoute): rename Prefix to PathPrefix 
[#6578](https://github.com/kumahq/kuma/pull/6578) @michaelbeaumont +* fix(MeshHTTPRoute): require at least one match [#6796](https://github.com/kumahq/kuma/pull/6796) @michaelbeaumont +* fix(MeshRetry): set MeshGateway retry on routes not virtual hosts [#7029](https://github.com/kumahq/kuma/pull/7029) @michaelbeaumont +* fix(MeshRetry): support MeshGateway [#6779](https://github.com/kumahq/kuma/pull/6779) @lobkovilya +* fix(MeshTimeout): only apply Mesh targeted HTTP timeouts for MeshGateway [#6981](https://github.com/kumahq/kuma/pull/6981) @michaelbeaumont +* fix(MeshTimeout): set idle timeout on gateways, use route action instead of hcm [#6884](https://github.com/kumahq/kuma/pull/6884) @michaelbeaumont +* fix(MeshTrace): create spans with MeshGateway [#7043](https://github.com/kumahq/kuma/pull/7043) @michaelbeaumont +* fix(api-server): service-insights should never return items: null [#6648](https://github.com/kumahq/kuma/pull/6648) @lahabana +* fix(config): add delta xds flag to defaults [#7085](https://github.com/kumahq/kuma/pull/7085) @johnharris85 +* fix(gateway): don't skip retry policy with retry methods [#6896](https://github.com/kumahq/kuma/pull/6896) @bartsmykla +* fix(helm): change CNI priorityClass from system-cluster-critical to system-node-critical [#6634](https://github.com/kumahq/kuma/pull/6634) @michaelbeaumont +* fix(helm): correct appProtocol configurations for https [#7087](https://github.com/kumahq/kuma/pull/7087) @johnharris85 +* fix(helm): update HPA API version [#6792](https://github.com/kumahq/kuma/pull/6792) @johnharris85 +* fix(helm): use correct secret for CP CA in ingress/egress [#6663](https://github.com/kumahq/kuma/pull/6663) @michaelbeaumont +* fix(insights): react on events [#6826](https://github.com/kumahq/kuma/pull/6826) @jakubdyszkiewicz +* fix(kds): trim system namespace suffix from names of plugin originated policies when syncing resources from global to zones in multizone mode. 
[#7019](https://github.com/kumahq/kuma/pull/7019) @bartsmykla +* fix(kuma-cp): add backward compatible reading of virtual outbound from config [#7088](https://github.com/kumahq/kuma/pull/7088) @Automaat +* fix(kuma-cp): add missing validation for MeshTimeout [#7035](https://github.com/kumahq/kuma/pull/7035) @lobkovilya +* fix(kuma-cp): make finalizer tenant aware [#6929](https://github.com/kumahq/kuma/pull/6929) @lukidzi +* fix(kuma-cp): make store changes processing more reliable [#6728](https://github.com/kumahq/kuma/pull/6728) @lukidzi +* fix(kuma-cp): make zone insight context independent from parent [#6909](https://github.com/kumahq/kuma/pull/6909) @lukidzi +* fix(kuma-cp): race condition when proxy connects to the same CP in less than KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY [#6568](https://github.com/kumahq/kuma/pull/6568) @lobkovilya +* fix(kuma-cp): replace err with log when TargetRef can't be resolved [#7032](https://github.com/kumahq/kuma/pull/7032) @lobkovilya +* fix(kuma-cp): reset idleTimeout from the old Timeout policy [#6747](https://github.com/kumahq/kuma/pull/6747) @lobkovilya +* fix(kuma-cp): use port instead of target port of a headless service [#7063](https://github.com/kumahq/kuma/pull/7063) @jakubdyszkiewicz +* fix(kuma-cp): wait between the proxy termination and its deregistration [#6533](https://github.com/kumahq/kuma/pull/6533) @lobkovilya +* fix(kuma-dp): honour app content-type [#6783](https://github.com/kumahq/kuma/pull/6783) @AyushSenapati +* fix(kumactl): return after loading configuration from memory [#6518](https://github.com/kumahq/kuma/pull/6518) @lukidzi +* fix(multitenancy): global tenant in intercp when creating certs [#6789](https://github.com/kumahq/kuma/pull/6789) @jakubdyszkiewicz +* perf(k8s): don't reconcile all pods when a service changes [#6986](https://github.com/kumahq/kuma/pull/6986) @lahabana +* perf(k8s): omit fetching other dataplanes when vips are in the config map [#6940](https://github.com/kumahq/kuma/pull/6940) 
@jakubdyszkiewicz
+* refactor(kds): remove unnecessary function nesting for MapZoneTokenSigningKeyGlobalToPublicKey resource mapper in kds context [#7018](https://github.com/kumahq/kuma/pull/7018) @bartsmykla
+
+
+## 2.2.2
+> Released on 2023/06/21
+
+* chore(deps): bump go version from 1.20.3 to 1.20.5 [#6987](https://github.com/kumahq/kuma/pull/6987) @lukidzi
+* chore(deps): upgrade envoy to 1.25.7 [#6967](https://github.com/kumahq/kuma/pull/6967) @lukidzi
+* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7081](https://github.com/kumahq/kuma/pull/7081) @kumahq
+* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6899](https://github.com/kumahq/kuma/pull/6899) @kumahq
+* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6765](https://github.com/kumahq/kuma/pull/6765) @kumahq
+
+
+## 2.1.3
+> Released on 2023/06/21
+
+* chore(deps): upgrade envoy to 1.24.8 [#6969](https://github.com/kumahq/kuma/pull/6969) @lukidzi
+* chore(deps): use latest kumahq/kuma-gui [#6573](https://github.com/kumahq/kuma/pull/6573) [#6575](https://github.com/kumahq/kuma/pull/6575) [#6886](https://github.com/kumahq/kuma/pull/6886) @kumahq
+* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7078](https://github.com/kumahq/kuma/pull/7078) @kumahq
+* fix(docker/kumactl): add entrypoint to kumactl img (backport #6593) [#6595](https://github.com/kumahq/kuma/pull/6595) @mergify
+* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6900](https://github.com/kumahq/kuma/pull/6900) @kumahq
+* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6767](https://github.com/kumahq/kuma/pull/6767) @kumahq
+
+
+## 2.0.5
+> Released on 2023/06/21
+
+* chore(deps): upgrade envoy to 1.24.8 [#6968](https://github.com/kumahq/kuma/pull/6968) @lukidzi
+* fix(MeshGatewayInstance): don't overwrite 
annotations/labels in managed Service (backport of #7069) [#7080](https://github.com/kumahq/kuma/pull/7080) @kumahq
+* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6901](https://github.com/kumahq/kuma/pull/6901) @kumahq
+* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6763](https://github.com/kumahq/kuma/pull/6763) @kumahq
+
+
+## 1.8.6
+> Released on 2023/06/21
+
+* chore(deps): upgrade envoy to 1.24.8 [#6966](https://github.com/kumahq/kuma/pull/6966) @lukidzi
+* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7079](https://github.com/kumahq/kuma/pull/7079) @kumahq
+* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6902](https://github.com/kumahq/kuma/pull/6902) @kumahq
+* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6764](https://github.com/kumahq/kuma/pull/6764) @kumahq
+
+
+## 2.2.1
+> Released on 2023/05/03
+
+* chore(deps): bump golang from 1.20.2 to 1.20.3 [#6597](https://github.com/kumahq/kuma/pull/6597) @mergify
+* chore(deps): use latest kumahq/kuma-gui [#6574](https://github.com/kumahq/kuma/pull/6574) @kumahq
+* fix(docker/kumactl): add entrypoint to kumactl img (backport #6593) [#6594](https://github.com/kumahq/kuma/pull/6594) @mergify
+
+
+## 2.2.0
+> Released on 2023/04/14
+
+* Modify helm.sh script to make sure no duplicate manifests will be present in packaged chart [#6512](https://github.com/kumahq/kuma/pull/6512) @bartsmykla
+* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5982](https://github.com/kumahq/kuma/pull/5982) @lahabana
+* chore(deps): bump actions/setup-go from 3 to 4 [#6311](https://github.com/kumahq/kuma/pull/6311) @dependabot
+* chore(deps): bump cirello.io/pglock from 1.10.0 to 1.11.0 [#6149](https://github.com/kumahq/kuma/pull/6149) @dependabot
+* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6227](https://github.com/kumahq/kuma/pull/6227) 
@michaelbeaumont +* chore(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.10.0 [#6152](https://github.com/kumahq/kuma/pull/6152) @dependabot +* chore(deps): bump github.com/containerd/cgroups from 1.0.4 to 1.1.0 [#5878](https://github.com/kumahq/kuma/pull/5878) @dependabot +* chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 [#6051](https://github.com/kumahq/kuma/pull/6051) @dependabot +* chore(deps): bump github.com/emicklei/go-restful/v3 from 3.10.1 to 3.10.2 [#6261](https://github.com/kumahq/kuma/pull/6261) @dependabot +* chore(deps): bump github.com/envoyproxy/go-control-plane from 0.10.3 to 0.11.0 [#5947](https://github.com/kumahq/kuma/pull/5947) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.9.1 to 0.10.1 [#6307](https://github.com/kumahq/kuma/pull/6307) [#6316](https://github.com/kumahq/kuma/pull/6316) @dependabot +* chore(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 [#6454](https://github.com/kumahq/kuma/pull/6454) @dependabot +* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.3 to 4.5.0 [#6071](https://github.com/kumahq/kuma/pull/6071) @dependabot +* chore(deps): bump github.com/golang/protobuf from 1.5.2 to 1.5.3 [#6263](https://github.com/kumahq/kuma/pull/6263) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.41.9 to 0.41.15 [#5924](https://github.com/kumahq/kuma/pull/5924) [#6076](https://github.com/kumahq/kuma/pull/6076) [#6258](https://github.com/kumahq/kuma/pull/6258) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.50 to 1.1.53 [#6150](https://github.com/kumahq/kuma/pull/6150) [#6262](https://github.com/kumahq/kuma/pull/6262) [#6453](https://github.com/kumahq/kuma/pull/6453) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.7.0 to 2.9.2 [#5928](https://github.com/kumahq/kuma/pull/5928) [#6043](https://github.com/kumahq/kuma/pull/6043) [#6074](https://github.com/kumahq/kuma/pull/6074) 
[#6172](https://github.com/kumahq/kuma/pull/6172) [#6208](https://github.com/kumahq/kuma/pull/6208) [#6260](https://github.com/kumahq/kuma/pull/6260) [#6355](https://github.com/kumahq/kuma/pull/6355) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.25.0 to 1.27.6 [#5874](https://github.com/kumahq/kuma/pull/5874) [#6072](https://github.com/kumahq/kuma/pull/6072) [#6167](https://github.com/kumahq/kuma/pull/6167) [#6259](https://github.com/kumahq/kuma/pull/6259) [#6271](https://github.com/kumahq/kuma/pull/6271) [#6353](https://github.com/kumahq/kuma/pull/6353) [#6450](https://github.com/kumahq/kuma/pull/6450) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.39.0 to 0.42.0 [#6073](https://github.com/kumahq/kuma/pull/6073) [#6273](https://github.com/kumahq/kuma/pull/6273) @dependabot +* chore(deps): bump github.com/prometheus/prometheus from 0.41.0 to 0.42.0 [#5927](https://github.com/kumahq/kuma/pull/5927) @dependabot +* chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 [#6475](https://github.com/kumahq/kuma/pull/6475) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe from 0.0.0-20190820222348-6adcf1eecbcc to github.com/spiffe/go-spiffe/v2 [#6151](https://github.com/kumahq/kuma/pull/6151) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.2 to 2.1.4 [#6313](https://github.com/kumahq/kuma/pull/6313) [#6451](https://github.com/kumahq/kuma/pull/6451) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.15.0 to 0.18.0 [#6075](https://github.com/kumahq/kuma/pull/6075) @dependabot +* chore(deps): bump github.com/vishvananda/netns to 0.0.4 [#6103](https://github.com/kumahq/kuma/pull/6103) @mmorel-35 +* chore(deps): bump go from 1.18 to 1.20.2 [#6179](https://github.com/kumahq/kuma/pull/6179) [#6279](https://github.com/kumahq/kuma/pull/6279) @jakubdyszkiewicz,@lahabana +* chore(deps): bump go.uber.org/multierr from 1.9.0 to 1.11.0 
[#6264](https://github.com/kumahq/kuma/pull/6264) [#6452](https://github.com/kumahq/kuma/pull/6452) @dependabot +* chore(deps): bump golang.org/x/net from 0.5.0 to 0.8.0 [#6003](https://github.com/kumahq/kuma/pull/6003) [#6042](https://github.com/kumahq/kuma/pull/6042) [#6209](https://github.com/kumahq/kuma/pull/6209) @dependabot +* chore(deps): bump golang.org/x/sys from 0.4.0 to 0.7.0 [#5948](https://github.com/kumahq/kuma/pull/5948) [#6476](https://github.com/kumahq/kuma/pull/6476) @dependabot +* chore(deps): bump golang.org/x/text from 0.6.0 to 0.8.0 [#6004](https://github.com/kumahq/kuma/pull/6004) [#6211](https://github.com/kumahq/kuma/pull/6211) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.52.0 to 1.54.0 [#5877](https://github.com/kumahq/kuma/pull/5877) [#5946](https://github.com/kumahq/kuma/pull/5946) [#6354](https://github.com/kumahq/kuma/pull/6354) @dependabot +* chore(deps): bump google.golang.org/protobuf from 1.28.1 to 1.30.0 [#6274](https://github.com/kumahq/kuma/pull/6274) [#6309](https://github.com/kumahq/kuma/pull/6309) @dependabot +* chore(deps): bump gopkg.in/natefinch/lumberjack.v2 from 2.0.0 to 2.2.1 [#5949](https://github.com/kumahq/kuma/pull/5949) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.11.0 to 3.11.2 [#5962](https://github.com/kumahq/kuma/pull/5962) [#6265](https://github.com/kumahq/kuma/pull/6265) @dependabot +* chore(deps): bump k8s.io/apiextensions-apiserver from 0.26.1 to 0.26.3 [#6168](https://github.com/kumahq/kuma/pull/6168) [#6318](https://github.com/kumahq/kuma/pull/6318) @dependabot +* chore(deps): bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 [#6207](https://github.com/kumahq/kuma/pull/6207) @dependabot +* chore(deps): bump k8s.io/kubectl from 0.26.1 to 0.26.3 [#6171](https://github.com/kumahq/kuma/pull/6171) [#6308](https://github.com/kumahq/kuma/pull/6308) @dependabot +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.1 to 0.14.6 [#5875](https://github.com/kumahq/kuma/pull/5875) 
[#5926](https://github.com/kumahq/kuma/pull/5926) [#6210](https://github.com/kumahq/kuma/pull/6210) [#6455](https://github.com/kumahq/kuma/pull/6455) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.11.1 to 0.11.3 [#5876](https://github.com/kumahq/kuma/pull/5876) [#5925](https://github.com/kumahq/kuma/pull/5925) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api from v0.5.1 to v0.6.0 [#5559](https://github.com/kumahq/kuma/pull/5559) @michaelbeaumont +* chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 [#5879](https://github.com/kumahq/kuma/pull/5879) @dependabot +* chore(deps): remove dependency on github.com/prometheus/prometheus [#6204](https://github.com/kumahq/kuma/pull/6204) @lahabana +* chore(deps): security update [#6397](https://github.com/kumahq/kuma/pull/6397) [#6473](https://github.com/kumahq/kuma/pull/6473) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#5866](https://github.com/kumahq/kuma/pull/5866) [#5883](https://github.com/kumahq/kuma/pull/5883) [#5911](https://github.com/kumahq/kuma/pull/5911) [#5931](https://github.com/kumahq/kuma/pull/5931) [#5937](https://github.com/kumahq/kuma/pull/5937) [#5940](https://github.com/kumahq/kuma/pull/5940) [#5952](https://github.com/kumahq/kuma/pull/5952) [#5958](https://github.com/kumahq/kuma/pull/5958) [#6002](https://github.com/kumahq/kuma/pull/6002) [#6067](https://github.com/kumahq/kuma/pull/6067) [#6078](https://github.com/kumahq/kuma/pull/6078) [#6155](https://github.com/kumahq/kuma/pull/6155) [#6158](https://github.com/kumahq/kuma/pull/6158) [#6161](https://github.com/kumahq/kuma/pull/6161) [#6176](https://github.com/kumahq/kuma/pull/6176) [#6197](https://github.com/kumahq/kuma/pull/6197) [#6216](https://github.com/kumahq/kuma/pull/6216) [#6243](https://github.com/kumahq/kuma/pull/6243) [#6302](https://github.com/kumahq/kuma/pull/6302) [#6317](https://github.com/kumahq/kuma/pull/6317) [#6345](https://github.com/kumahq/kuma/pull/6345) 
[#6360](https://github.com/kumahq/kuma/pull/6360) [#6373](https://github.com/kumahq/kuma/pull/6373) [#6400](https://github.com/kumahq/kuma/pull/6400) [#6402](https://github.com/kumahq/kuma/pull/6402) [#6425](https://github.com/kumahq/kuma/pull/6425) @kumahq +* feat(GatewayAPI): support HTTPRoutePathRedirect [#6437](https://github.com/kumahq/kuma/pull/6437) @michaelbeaumont +* feat(GatewayAPI): support ResponseHeaderModifier in HTTPRoute [#6000](https://github.com/kumahq/kuma/pull/6000) @michaelbeaumont +* feat(GatewayAPI): update to v0.6.2 [#6293](https://github.com/kumahq/kuma/pull/6293) @michaelbeaumont +* feat(MeshAccessLog): support OpenTelemetry [#5999](https://github.com/kumahq/kuma/pull/5999) @michaelbeaumont +* feat(MeshGateway): auto host rewrite for gateway route [#6328](https://github.com/kumahq/kuma/pull/6328) @bartsmykla +* feat(MeshGateway): support deployment customization for MeshGatewayInstance [#6348](https://github.com/kumahq/kuma/pull/6348) [#6388](https://github.com/kumahq/kuma/pull/6388) @johnharris85 +* feat(MeshHTTPRoute): add RequestMirror filter [#6064](https://github.com/kumahq/kuma/pull/6064) @lobkovilya +* feat(MeshHTTPRoute): add header matching [#5943](https://github.com/kumahq/kuma/pull/5943) @michaelbeaumont +* feat(MeshHTTPRoute): add path modifier to redirect [#5918](https://github.com/kumahq/kuma/pull/5918) @lobkovilya +* feat(MeshHTTPRoute): cross-zone support [#5984](https://github.com/kumahq/kuma/pull/5984) @michaelbeaumont +* feat(MeshProxyPatch): add json patch support [#6281](https://github.com/kumahq/kuma/pull/6281) @bartsmykla +* feat(MeshRetry): add host selection predicates [#6465](https://github.com/kumahq/kuma/pull/6465) @johnharris85 +* feat(MeshTrace): add support for opentelemetry trace backend [#5992](https://github.com/kumahq/kuma/pull/5992) @frzifus +* feat(api-server): manual mTLS [#5979](https://github.com/kumahq/kuma/pull/5979) @jakubdyszkiewicz +* feat(api-server): whoami endpoint 
[#6120](https://github.com/kumahq/kuma/pull/6120) @jakubdyszkiewicz +* feat(auth): separate authenticators for dp and zone proxy [#5991](https://github.com/kumahq/kuma/pull/5991) @jakubdyszkiewicz +* feat(helm): add default CNI resources [#6287](https://github.com/kumahq/kuma/pull/6287) @michaelbeaumont +* feat(helm): dynamic admission server port [#6344](https://github.com/kumahq/kuma/pull/6344) @d4kine +* feat(helm): make egress resources configurable [#6286](https://github.com/kumahq/kuma/pull/6286) @dascole +* feat(helm): make it possbile to install universal cp on k8s [#5913](https://github.com/kumahq/kuma/pull/5913) @slonka +* feat(k8s): add a configuration option to list allowed service accounts [#6505](https://github.com/kumahq/kuma/pull/6505) @slonka +* feat(k8s): add annotation `prometheus.metrics.kuma.io/aggregate-application-address` to scrape custom address on k8s [#6289](https://github.com/kumahq/kuma/pull/6289) @slonka +* feat(k8s): set `kubectl.kubernetes.io/default-container` pod annotation [#6055](https://github.com/kumahq/kuma/pull/6055) @michaelbeaumont +* feat(kds): allow running non-tls KDS server [#6145](https://github.com/kumahq/kuma/pull/6145) @slonka +* feat(kds): delta KDS [#6278](https://github.com/kumahq/kuma/pull/6278) [#6358](https://github.com/kumahq/kuma/pull/6358) @lukidzi +* feat(kds): enable nack backoff [#5894](https://github.com/kumahq/kuma/pull/5894) @jakubdyszkiewicz +* feat(kuma-cp): allow Mesh default resources regeneration without deletion and restart [#6223](https://github.com/kumahq/kuma/pull/6223) @michaelbeaumont +* feat(kuma-cp): init container first by default [#5857](https://github.com/kumahq/kuma/pull/5857) @zekth +* feat(kumactl): generate public key command [#5917](https://github.com/kumahq/kuma/pull/5917) @jakubdyszkiewicz +* feat(kumactl): remove ca-cert or skip-verify requirement [#6140](https://github.com/kumahq/kuma/pull/6140) @jakubdyszkiewicz +* feat(persistence): change lib/pq to pgx 
[#6257](https://github.com/kumahq/kuma/pull/6257) @slonka +* feat(persistence): create pgx store [#6359](https://github.com/kumahq/kuma/pull/6359) [#6457](https://github.com/kumahq/kuma/pull/6457) @slonka +* feat(policies): extend policy matching API to work with egress and external services [#6379](https://github.com/kumahq/kuma/pull/6379) @lobkovilya +* feat(policies): implement MeshLoadBalancingStrategy [#6117](https://github.com/kumahq/kuma/pull/6117) [#6163](https://github.com/kumahq/kuma/pull/6163) [#6202](https://github.com/kumahq/kuma/pull/6202) [#6390](https://github.com/kumahq/kuma/pull/6390) @lobkovilya +* feat(tokens): allow kid to be a string [#5944](https://github.com/kumahq/kuma/pull/5944) @jakubdyszkiewicz +* feat(tokens): issue tokens offline [#5919](https://github.com/kumahq/kuma/pull/5919) @jakubdyszkiewicz +* feat(tokens): offline validation [#6085](https://github.com/kumahq/kuma/pull/6085) @jakubdyszkiewicz +* feat(tproxy): make tproxy v2 and CNI v2 default [#6083](https://github.com/kumahq/kuma/pull/6083) @bartsmykla +* fix(GatewayAPI): always set an explicit HTTPRoute Parents in status [#6367](https://github.com/kumahq/kuma/pull/6367) @michaelbeaumont +* fix(GatewayAPI): correctly handle invalid backendRefs [#6428](https://github.com/kumahq/kuma/pull/6428) @michaelbeaumont +* fix(MeshHTTPRoute): filter URLRewrite should be configured with ClusterSpecifier [#5920](https://github.com/kumahq/kuma/pull/5920) @lobkovilya +* fix(MeshRetry): guard against multiple previous priorities [#6496](https://github.com/kumahq/kuma/pull/6496) @johnharris85 +* fix(MeshTimeout): apply MeshTimeout defaults when one of `from` or `to` section is missing [#5902](https://github.com/kumahq/kuma/pull/5902) @Automaat +* fix(ca/builtin): be less verbose when creating CA secrets [#6217](https://github.com/kumahq/kuma/pull/6217) @michaelbeaumont +* fix(docker): set `SHELL` to an existing binary [#6192](https://github.com/kumahq/kuma/pull/6192) @michaelbeaumont +* 
fix(docker): use no ssl image [#5560](https://github.com/kumahq/kuma/pull/5560) @slonka +* fix(helm): add appProtocol to services we create [#6157](https://github.com/kumahq/kuma/pull/6157) @lahabana +* fix(helm): don't include taint controller env when cni disabled [#6148](https://github.com/kumahq/kuma/pull/6148) @lukidzi +* fix(helm): dont specify a default type for extraSecrets [#5932](https://github.com/kumahq/kuma/pull/5932) @wheelerlaw +* fix(helm): make it possible to use custom CA in egress and ingress [#5980](https://github.com/kumahq/kuma/pull/5980) @lahabana +* fix(helm): postgres client cert setup [#6335](https://github.com/kumahq/kuma/pull/6335) @slonka +* fix(helm): remove universal on kubernetes env vars that are supposed to be provided via secrets [#5938](https://github.com/kumahq/kuma/pull/5938) @slonka +* fix(helm): security contexts for ebpf cleanup hook [#6235](https://github.com/kumahq/kuma/pull/6235) @bartsmykla +* fix(helm): set CP memory limits, by default equal to memory request, set CP CPU requests [#6127](https://github.com/kumahq/kuma/pull/6127) @michaelbeaumont +* fix(helm): set migration container resources and securityContext [#6255](https://github.com/kumahq/kuma/pull/6255) @michaelbeaumont +* fix(helm): set readOnlyRootFilesystem/runAsNonRoot, create a ServiceAccount in correct release namespace [#6121](https://github.com/kumahq/kuma/pull/6121) @michaelbeaumont +* fix(helm): set readOnlyRootFilesystem/runAsUser/runAsGroup on ingress/egress deployments [#6164](https://github.com/kumahq/kuma/pull/6164) @michaelbeaumont +* fix(helm): upgrade CRDs instead of installing missing CRDs [#6403](https://github.com/kumahq/kuma/pull/6403) @jakubdyszkiewicz +* fix(helm): use emptyDir at /tmp with CP [#6162](https://github.com/kumahq/kuma/pull/6162) @michaelbeaumont +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 [#6374](https://github.com/kumahq/kuma/pull/6374) @jakubdyszkiewicz +* fix(kuma-cp): allow names of the resource to 
be longer and validate the length [#6123](https://github.com/kumahq/kuma/pull/6123) @lukidzi +* fix(kuma-cp): change default value for KubeOutboundsAsVIPs [#6057](https://github.com/kumahq/kuma/pull/6057) @Automaat +* fix(kuma-cp): change validation of resources synced to global [#6178](https://github.com/kumahq/kuma/pull/6178) @jakubdyszkiewicz +* fix(kuma-cp): don't let CA requests for other meshes block generation [#6282](https://github.com/kumahq/kuma/pull/6282) @michaelbeaumont +* fix(kuma-cp): traffic split with internal and external service [#5904](https://github.com/kumahq/kuma/pull/5904) @lobkovilya +* fix(kuma-cp): zone ingress mixes services with the same name in different meshes [#6364](https://github.com/kumahq/kuma/pull/6364) @lobkovilya +* fix(kumactl): don't check compatibility when talking to a preview version [#6143](https://github.com/kumahq/kuma/pull/6143) @lahabana +* fix(policy): merging of policies results in not applying policy on some outbounds [#6460](https://github.com/kumahq/kuma/pull/6460) @jakubdyszkiewicz +* fix(tproxy): allow disabling ipv6 for tproxy [#5923](https://github.com/kumahq/kuma/pull/5923) @bartsmykla + + +## 2.0.4 +> Released on 2023/04/07 + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6238](https://github.com/kumahq/kuma/pull/6238) @mergify +* chore(deps): bump gorestful and jwt [#6221](https://github.com/kumahq/kuma/pull/6221) @lahabana +* chore(deps): remove dependency on github.com/prometheus/prometheus (backport #6204) [#6206](https://github.com/kumahq/kuma/pull/6206) @mergify +* chore(deps): security update [#6063](https://github.com/kumahq/kuma/pull/6063) [#6395](https://github.com/kumahq/kuma/pull/6395) [#6472](https://github.com/kumahq/kuma/pull/6472) @kumahq +* chore(deps): upgrade envoy to v1.22.10 (backport #6483) [#6484](https://github.com/kumahq/kuma/pull/6484) @mergify +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) [#6377](https://github.com/kumahq/kuma/pull/6377) 
@mergify +* fix(policy): matcher with same key not the same value (backport #6460) [#6467](https://github.com/kumahq/kuma/pull/6467) @mergify + + +## 2.1.2 +> Released on 2023/04/06 + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6237](https://github.com/kumahq/kuma/pull/6237) @mergify +* chore(deps): remove dependency on github.com/prometheus/prometheus (backport #6204) [#6205](https://github.com/kumahq/kuma/pull/6205) @mergify +* chore(deps): security update [#6062](https://github.com/kumahq/kuma/pull/6062) [#6392](https://github.com/kumahq/kuma/pull/6392) [#6471](https://github.com/kumahq/kuma/pull/6471) @kumahq +* chore(deps): upgrade envoy to v1.22.10 [#6483](https://github.com/kumahq/kuma/pull/6483) @michaelbeaumont +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) [#6376](https://github.com/kumahq/kuma/pull/6376) @mergify +* fix(kuma-cp): add components in runtime (backport #6350) [#6381](https://github.com/kumahq/kuma/pull/6381) @mergify +* fix(kuma-cp): don't let CA requests for other meshes block generation (backport #6282) [#6284](https://github.com/kumahq/kuma/pull/6284) @mergify +* fix(policy): matcher with same key not the same value (backport #6460) [#6466](https://github.com/kumahq/kuma/pull/6466) @mergify + + +## 1.8.5 +> Released on 2023/04/06 + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6239](https://github.com/kumahq/kuma/pull/6239) @mergify +* chore(deps): bump gorestful and jwt [#6203](https://github.com/kumahq/kuma/pull/6203) @lahabana +* chore(deps): security update [#6059](https://github.com/kumahq/kuma/pull/6059) [#6396](https://github.com/kumahq/kuma/pull/6396) [#6468](https://github.com/kumahq/kuma/pull/6468) @kumahq +* chore(deps): upgrade envoy to v1.22.10 (backport #6483) [#6485](https://github.com/kumahq/kuma/pull/6485) @mergify +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) [#6378](https://github.com/kumahq/kuma/pull/6378) @mergify + + +## 1.7.6 +> 
Released on 2023/04/06 + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6240](https://github.com/kumahq/kuma/pull/6240) @mergify +* chore(deps): bump gorestful and jwt (backport #6203) [#6212](https://github.com/kumahq/kuma/pull/6212) @mergify +* chore(deps): security update [#6058](https://github.com/kumahq/kuma/pull/6058) [#6394](https://github.com/kumahq/kuma/pull/6394) [#6469](https://github.com/kumahq/kuma/pull/6469) @kumahq +* chore(deps): upgrade envoy to v1.22.10 (backport #6483) [#6486](https://github.com/kumahq/kuma/pull/6486) @mergify + + +## 2.1.1 +> Released on 2023/02/14 + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5985](https://github.com/kumahq/kuma/pull/5985) @mergify +* chore(deps): security update [#5965](https://github.com/kumahq/kuma/pull/5965) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#5912](https://github.com/kumahq/kuma/pull/5912) [#5915](https://github.com/kumahq/kuma/pull/5915) [#5977](https://github.com/kumahq/kuma/pull/5977) @kumahq +* feat(api-server): manual mTLS (backport #5979) [#5981](https://github.com/kumahq/kuma/pull/5981) @mergify +* fix(helm): use custom CA in egress and ingress too (backport #5980) [#5993](https://github.com/kumahq/kuma/pull/5993) @mergify +* fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) [#5953](https://github.com/kumahq/kuma/pull/5953) @mergify + + +## 2.0.3 +> Released on 2023/02/14 + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5986](https://github.com/kumahq/kuma/pull/5986) @mergify +* chore(deps): security update [#5762](https://github.com/kumahq/kuma/pull/5762) [#5969](https://github.com/kumahq/kuma/pull/5969) @kumahq +* fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) [#5954](https://github.com/kumahq/kuma/pull/5954) @mergify + + +## 1.8.4 +> Released on 2023/02/14 + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5987](https://github.com/kumahq/kuma/pull/5987) @mergify +* chore(deps): security update 
[#5763](https://github.com/kumahq/kuma/pull/5763) [#5963](https://github.com/kumahq/kuma/pull/5963) @kumahq +* fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) [#5955](https://github.com/kumahq/kuma/pull/5955) @mergify + + +## 1.7.5 +> Released on 2023/02/14 + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5988](https://github.com/kumahq/kuma/pull/5988) @mergify +* chore(deps): security update [#5766](https://github.com/kumahq/kuma/pull/5766) [#5966](https://github.com/kumahq/kuma/pull/5966) @kumahq + + +## 1.6.5 +> Released on 2023/02/14 + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5989](https://github.com/kumahq/kuma/pull/5989) @mergify +* chore(deps): security update [#5764](https://github.com/kumahq/kuma/pull/5764) [#5964](https://github.com/kumahq/kuma/pull/5964) @kumahq + + +## 2.1.0 +> Released on 2023/01/30 + +* chore(deps): bump alpine from 3.16.2 to 3.17.0 [#5308](https://github.com/kumahq/kuma/pull/5308) [#5375](https://github.com/kumahq/kuma/pull/5375) @dependabot +* chore(deps): bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.2.0 [#5377](https://github.com/kumahq/kuma/pull/5377) @dependabot +* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 [#5457](https://github.com/kumahq/kuma/pull/5457) @dependabot +* chore(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 [#5600](https://github.com/kumahq/kuma/pull/5600) @dependabot +* chore(deps): bump github.com/containernetworking/plugins from 1.1.1 to 1.2.0 [#5733](https://github.com/kumahq/kuma/pull/5733) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.13 to 0.9.1 [#5277](https://github.com/kumahq/kuma/pull/5277) [#5311](https://github.com/kumahq/kuma/pull/5311) [#5460](https://github.com/kumahq/kuma/pull/5460) @dependabot +* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 [#5428](https://github.com/kumahq/kuma/pull/5428) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest 
from 0.40.24 to 0.41.8 [#5310](https://github.com/kumahq/kuma/pull/5310) [#5354](https://github.com/kumahq/kuma/pull/5354) [#5426](https://github.com/kumahq/kuma/pull/5426) [#5542](https://github.com/kumahq/kuma/pull/5542) [#5688](https://github.com/kumahq/kuma/pull/5688) @dependabot,@lahabana +* chore(deps): bump github.com/kumahq/kuma-net from 0.8.7 to 0.8.10 [#5298](https://github.com/kumahq/kuma/pull/5298) [#5513](https://github.com/kumahq/kuma/pull/5513) @lukidzi +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.7.0 [#5319](https://github.com/kumahq/kuma/pull/5319) [#5351](https://github.com/kumahq/kuma/pull/5351) [#5687](https://github.com/kumahq/kuma/pull/5687) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.23.0 to 1.25.0 [#5275](https://github.com/kumahq/kuma/pull/5275) [#5313](https://github.com/kumahq/kuma/pull/5313) [#5539](https://github.com/kumahq/kuma/pull/5539) [#5789](https://github.com/kumahq/kuma/pull/5789) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 [#5274](https://github.com/kumahq/kuma/pull/5274) [#5323](https://github.com/kumahq/kuma/pull/5323) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.37.0 to 0.39.0 [#5483](https://github.com/kumahq/kuma/pull/5483) [#5523](https://github.com/kumahq/kuma/pull/5523) @dependabot +* chore(deps): bump github.com/prometheus/prometheus from 0.39.1 to 0.41.0 [#5320](https://github.com/kumahq/kuma/pull/5320) [#5353](https://github.com/kumahq/kuma/pull/5353) [#5376](https://github.com/kumahq/kuma/pull/5376) [#5456](https://github.com/kumahq/kuma/pull/5456) [#5526](https://github.com/kumahq/kuma/pull/5526) [#5546](https://github.com/kumahq/kuma/pull/5546) @dependabot +* chore(deps): bump github.com/sethvargo/go-retry from 0.2.3 to 0.2.4 [#5524](https://github.com/kumahq/kuma/pull/5524) @dependabot +* chore(deps): bump github.com/shopspring/decimal from 1.2.0 to 1.3.1 [#5790](https://github.com/kumahq/kuma/pull/5790) 
@dependabot +* chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.15.0 [#5273](https://github.com/kumahq/kuma/pull/5273) [#5788](https://github.com/kumahq/kuma/pull/5788) @dependabot +* chore(deps): bump go.uber.org/multierr from 1.8.0 to 1.9.0 [#5525](https://github.com/kumahq/kuma/pull/5525) @dependabot +* chore(deps): bump go.uber.org/zap from 1.23.0 to 1.24.0 [#5427](https://github.com/kumahq/kuma/pull/5427) @dependabot +* chore(deps): bump golang.org/x/net from 0.1.0 to 0.5.0 [#5315](https://github.com/kumahq/kuma/pull/5315) [#5459](https://github.com/kumahq/kuma/pull/5459) [#5623](https://github.com/kumahq/kuma/pull/5623) @dependabot +* chore(deps): bump golang.org/x/sys from 0.1.0 to 0.4.0 [#5312](https://github.com/kumahq/kuma/pull/5312) [#5430](https://github.com/kumahq/kuma/pull/5430) [#5621](https://github.com/kumahq/kuma/pull/5621) @dependabot +* chore(deps): bump golang.org/x/text from 0.4.0 to 0.6.0 [#5458](https://github.com/kumahq/kuma/pull/5458) [#5624](https://github.com/kumahq/kuma/pull/5624) @dependabot +* chore(deps): bump golang.org/x/time from 0.1.0 to 0.3.0 [#5325](https://github.com/kumahq/kuma/pull/5325) [#5429](https://github.com/kumahq/kuma/pull/5429) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.50.1 to 1.52.0 [#5352](https://github.com/kumahq/kuma/pull/5352) [#5686](https://github.com/kumahq/kuma/pull/5686) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.11.0 [#5592](https://github.com/kumahq/kuma/pull/5592) [#5791](https://github.com/kumahq/kuma/pull/5791) @dependabot +* chore(deps): bump istio.io/pkg from v0.0.0-20201202160453-b7f8c8c88ca3 to v0.0.0-20221115183735-2aabb09bf0bb [#5330](https://github.com/kumahq/kuma/pull/5330) @mmorel-35 +* chore(deps): bump k8s.io/apiextensions-apiserver from 0.25.3 to 0.25.4 [#5328](https://github.com/kumahq/kuma/pull/5328) @mmorel-35 +* chore(deps): bump k8s.io/client-go from 0.25.3 to 0.25.4 [#5316](https://github.com/kumahq/kuma/pull/5316) @dependabot +* 
chore(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 [#5812](https://github.com/kumahq/kuma/pull/5812) @dependabot +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.13.0 to 0.13.1 [#5276](https://github.com/kumahq/kuma/pull/5276) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.10.0 to 0.11.1, [#5541](https://github.com/kumahq/kuma/pull/5541) @dependabot +* chore(deps): bump tibdex/github-app-token from 1.6.0 to 1.8.0 [#5434](https://github.com/kumahq/kuma/pull/5434) [#5879](https://github.com/kumahq/kuma/pull/5879) @dependabot +* chore(deps): install dev tools and split if more repos [#5528](https://github.com/kumahq/kuma/pull/5528) @lukidzi +* chore(deps): security update [#5761](https://github.com/kumahq/kuma/pull/5761) @kumahq +* chore(deps): update coreDNS to 1.10.0 [#5626](https://github.com/kumahq/kuma/pull/5626) @lahabana +* chore(deps): update to emicklei/go-restful/v3 v3.10.1 and remove `/tokens` [#5324](https://github.com/kumahq/kuma/pull/5324) @dependabot +* chore(deps): upgrade k3d [#5518](https://github.com/kumahq/kuma/pull/5518) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#5265](https://github.com/kumahq/kuma/pull/5265) [#5272](https://github.com/kumahq/kuma/pull/5272) [#5281](https://github.com/kumahq/kuma/pull/5281) [#5307](https://github.com/kumahq/kuma/pull/5307) [#5321](https://github.com/kumahq/kuma/pull/5321) [#5332](https://github.com/kumahq/kuma/pull/5332) [#5346](https://github.com/kumahq/kuma/pull/5346) [#5371](https://github.com/kumahq/kuma/pull/5371) [#5388](https://github.com/kumahq/kuma/pull/5388) [#5405](https://github.com/kumahq/kuma/pull/5405) [#5484](https://github.com/kumahq/kuma/pull/5484) [#5486](https://github.com/kumahq/kuma/pull/5486) [#5509](https://github.com/kumahq/kuma/pull/5509) [#5572](https://github.com/kumahq/kuma/pull/5572) [#5589](https://github.com/kumahq/kuma/pull/5589) [#5619](https://github.com/kumahq/kuma/pull/5619) [#5628](https://github.com/kumahq/kuma/pull/5628) 
[#5675](https://github.com/kumahq/kuma/pull/5675) [#5685](https://github.com/kumahq/kuma/pull/5685) [#5700](https://github.com/kumahq/kuma/pull/5700) [#5724](https://github.com/kumahq/kuma/pull/5724) [#5732](https://github.com/kumahq/kuma/pull/5732) [#5737](https://github.com/kumahq/kuma/pull/5737) [#5772](https://github.com/kumahq/kuma/pull/5772) [#5800](https://github.com/kumahq/kuma/pull/5800) [#5805](https://github.com/kumahq/kuma/pull/5805) [#5823](https://github.com/kumahq/kuma/pull/5823) [#5826](https://github.com/kumahq/kuma/pull/5826) [#5843](https://github.com/kumahq/kuma/pull/5843) [#5851](https://github.com/kumahq/kuma/pull/5851) [#5863](https://github.com/kumahq/kuma/pull/5863) [#5866](https://github.com/kumahq/kuma/pull/5866) [#5883](https://github.com/kumahq/kuma/pull/5883) @kumahq +* chore(deps): use sigs.k8s.io/yaml [#5215](https://github.com/kumahq/kuma/pull/5215) @mmorel-35 +* feat(MeshAccessLog): add OmitEmptyValues to MeshAccessLog format [#5302](https://github.com/kumahq/kuma/pull/5302) @mmorel-35 +* feat(MeshGatewayInstance): respect `kuma.io/mesh` label [#5256](https://github.com/kumahq/kuma/pull/5256) @michaelbeaumont +* feat(MeshGatewayRoute): response header filter [#5334](https://github.com/kumahq/kuma/pull/5334) @michaelbeaumont +* feat(api-server): ability to set rootUrl for GUI and API [#5295](https://github.com/kumahq/kuma/pull/5295) @lahabana +* feat(api-server): add name search to dataplane overview [#5340](https://github.com/kumahq/kuma/pull/5340) @lahabana +* feat(api-server): contain matches on name and tags [#5606](https://github.com/kumahq/kuma/pull/5606) @lahabana +* feat(build): consistent docker images [#5343](https://github.com/kumahq/kuma/pull/5343) @slonka +* feat(build): idempotent build [#5291](https://github.com/kumahq/kuma/pull/5291) [#5358](https://github.com/kumahq/kuma/pull/5358) [#5403](https://github.com/kumahq/kuma/pull/5403) [#5404](https://github.com/kumahq/kuma/pull/5404) 
[#5407](https://github.com/kumahq/kuma/pull/5407) [#5440](https://github.com/kumahq/kuma/pull/5440) @slonka +* feat(gateway): add support for match header PRESENT and ABSENT [#5739](https://github.com/kumahq/kuma/pull/5739) @lahabana +* feat(gui): serve index from all paths without extension [#5357](https://github.com/kumahq/kuma/pull/5357) @lahabana +* feat(helm): add tolerations to Helm chart [#5549](https://github.com/kumahq/kuma/pull/5549) @KrustyHack +* feat(helm): allow injecting env from parent projects [#5677](https://github.com/kumahq/kuma/pull/5677) @slonka +* feat(helm): use object instead of list for plugins.policies [#5735](https://github.com/kumahq/kuma/pull/5735) @michaelbeaumont +* feat(kuma-cp): add possibility to run diagnostics on TLS [#5344](https://github.com/kumahq/kuma/pull/5344) @mmorel-35 +* feat(kuma-cp): added configuration of plugins and its order [#5472](https://github.com/kumahq/kuma/pull/5472) @lukidzi +* feat(kuma-cp): intOrString as decimal in the API [#5768](https://github.com/kumahq/kuma/pull/5768) @jakubdyszkiewicz +* feat(kuma-cp): intercp communication protocol [#5445](https://github.com/kumahq/kuma/pull/5445) [#5492](https://github.com/kumahq/kuma/pull/5492) @jakubdyszkiewicz +* feat(kuma-cp): recover from watchdog panics [#5581](https://github.com/kumahq/kuma/pull/5581) @jakubdyszkiewicz +* feat(kuma-cp): remove value of secret when logging Secret Resources [#5384](https://github.com/kumahq/kuma/pull/5384) @Automaat +* feat(kumactl): added option to install transparent proxy with docker [#5284](https://github.com/kumahq/kuma/pull/5284) @lukidzi +* feat(policy): allow merging by a complex key [#5650](https://github.com/kumahq/kuma/pull/5650) @michaelbeaumont +* feat(policy): append policy slices [#5515](https://github.com/kumahq/kuma/pull/5515) @jakubdyszkiewicz +* feat(policy): don't use protobuf for DataSource in policies [#5668](https://github.com/kumahq/kuma/pull/5668) [#5756](https://github.com/kumahq/kuma/pull/5756) 
@Automaat
+* feat(policy): implement MeshCircuitBreaker policy [#5454](https://github.com/kumahq/kuma/pull/5454) [#5493](https://github.com/kumahq/kuma/pull/5493) [#5651](https://github.com/kumahq/kuma/pull/5651) @bartsmykla,@lobkovilya
+* feat(policy): implement MeshFaultInjection policy [#5723](https://github.com/kumahq/kuma/pull/5723) [#5773](https://github.com/kumahq/kuma/pull/5773) @lukidzi
+* feat(policy): implement MeshHTTPRoute policy [#5530](https://github.com/kumahq/kuma/pull/5530) [#5625](https://github.com/kumahq/kuma/pull/5625) [#5653](https://github.com/kumahq/kuma/pull/5653) [#5746](https://github.com/kumahq/kuma/pull/5746) @michaelbeaumont,@slonka
+* feat(policy): implement MeshHealthCheck policy [#5369](https://github.com/kumahq/kuma/pull/5369) [#5415](https://github.com/kumahq/kuma/pull/5415) [#5503](https://github.com/kumahq/kuma/pull/5503) [#5654](https://github.com/kumahq/kuma/pull/5654) [#5713](https://github.com/kumahq/kuma/pull/5713) [#5722](https://github.com/kumahq/kuma/pull/5722) @lahabana,@lobkovilya,@michaelbeaumont,@slonka
+* feat(policy): implement MeshProxyPatch policy [#5578](https://github.com/kumahq/kuma/pull/5578) [#5604](https://github.com/kumahq/kuma/pull/5604) @jakubdyszkiewicz
+* feat(policy): implement MeshRateLimit policy [#5362](https://github.com/kumahq/kuma/pull/5362) [#5463](https://github.com/kumahq/kuma/pull/5463) [#5710](https://github.com/kumahq/kuma/pull/5710) [#5742](https://github.com/kumahq/kuma/pull/5742) @lobkovilya,@lukidzi
+* feat(policy): implement MeshRetry policy [#5478](https://github.com/kumahq/kuma/pull/5478) [#5522](https://github.com/kumahq/kuma/pull/5522) [#5583](https://github.com/kumahq/kuma/pull/5583) [#5749](https://github.com/kumahq/kuma/pull/5749) [#5808](https://github.com/kumahq/kuma/pull/5808) @lobkovilya,@slonka
+* feat(policy): implement MeshTimeout policy [#5294](https://github.com/kumahq/kuma/pull/5294) [#5364](https://github.com/kumahq/kuma/pull/5364)
[#5568](https://github.com/kumahq/kuma/pull/5568) @Automaat,@michaelbeaumont
+* feat(policy): improve rules api [#5785](https://github.com/kumahq/kuma/pull/5785) @lahabana
+* feat(policy): validate schema only during the user's input unmarshal [#5566](https://github.com/kumahq/kuma/pull/5566) @lobkovilya
+* feat(security): add dependabot security updates to release branches [#5731](https://github.com/kumahq/kuma/pull/5731) [#5734](https://github.com/kumahq/kuma/pull/5734) [#5758](https://github.com/kumahq/kuma/pull/5758) [#5767](https://github.com/kumahq/kuma/pull/5767) [#5778](https://github.com/kumahq/kuma/pull/5778) [#5783](https://github.com/kumahq/kuma/pull/5783) @slonka
+* fix(MeshAccessLog): update API to align with the memo [#5580](https://github.com/kumahq/kuma/pull/5580) @lobkovilya
+* fix(MeshGateway): properly apply Service template annotations to existing Service [#5674](https://github.com/kumahq/kuma/pull/5674) @michaelbeaumont
+* fix(MeshTrace): adjust MeshTrace to follow the memo [#5743](https://github.com/kumahq/kuma/pull/5743) @lobkovilya
+* fix(api-server): fix tags filter value with `:` [#5339](https://github.com/kumahq/kuma/pull/5339) @lahabana
+* fix(api-server): remove spec from inspect policy output [#5491](https://github.com/kumahq/kuma/pull/5491) @lahabana
+* fix(api-server): return 400 on invalid resource name [#5719](https://github.com/kumahq/kuma/pull/5719) @lahabana
+* fix(gateway): be more lenient with prefix paths trailing slashes [#5299](https://github.com/kumahq/kuma/pull/5299) @michaelbeaumont
+* fix(gui): add version and basedOnKuma to index.html [#5448](https://github.com/kumahq/kuma/pull/5448) @lahabana
+* fix(kuma-cp): add option to disable `sslsni` in universal [#5318](https://github.com/kumahq/kuma/pull/5318) @michaelbeaumont
+* fix(kuma-cp): allow to set policies order from others projects [#5535](https://github.com/kumahq/kuma/pull/5535) @lukidzi
+* fix(kuma-cp): change way of setting if resource is read only
[#5345](https://github.com/kumahq/kuma/pull/5345) @lukidzi
+* fix(kuma-cp): concurrent mesh cache map write [#5282](https://github.com/kumahq/kuma/pull/5282) @michaelbeaumont
+* fix(kuma-cp): don't cache filtered data [#5574](https://github.com/kumahq/kuma/pull/5574) @lukidzi
+* fix(kuma-cp): filtering of name prefix on K8S [#5517](https://github.com/kumahq/kuma/pull/5517) @jakubdyszkiewicz
+* fix(kuma-cp): fix appending of pointer to slice in policies config [#5784](https://github.com/kumahq/kuma/pull/5784) @Automaat
+* fix(kuma-cp): fix kafka_type tag creation regex [#5507](https://github.com/kumahq/kuma/pull/5507) @Automaat
+* fix(kuma-cp): fixed error when logging ExternalServiceResourceList and MeshResourceList [#5423](https://github.com/kumahq/kuma/pull/5423) @Automaat
+* fix(kuma-cp): forward envoy admin operations to proper instance [#5466](https://github.com/kumahq/kuma/pull/5466) @jakubdyszkiewicz
+* fix(kuma-cp): increase kuma-init memory limit when using ebpf [#5579](https://github.com/kumahq/kuma/pull/5579) @lukidzi
+* fix(kuma-cp): kds deadlock [#5373](https://github.com/kumahq/kuma/pull/5373) @jakubdyszkiewicz
+* fix(kuma-cp): make validate list aware of the mesh [#5280](https://github.com/kumahq/kuma/pull/5280) @slonka
+* fix(kuma-cp): memory store keeps children after owner update [#5372](https://github.com/kumahq/kuma/pull/5372) @jakubdyszkiewicz
+* fix(kuma-cp): only put policies in MeshInsight [#5577](https://github.com/kumahq/kuma/pull/5577) @lahabana
+* fix(kuma-cp): retrieve name from owner not parsing pod name for Deployments/CronJob [#5569](https://github.com/kumahq/kuma/pull/5569) @lukidzi
+* fix(kuma-cp): use sni to verify upstream certificate san when specified instead of address [#5347](https://github.com/kumahq/kuma/pull/5347) @jamesdbloom
+* fix(kuma-cp): warn when using deprecated token id [#5520](https://github.com/kumahq/kuma/pull/5520) @lahabana
+* fix(kuma-dp): allow to configure address of application to scrape
[#5326](https://github.com/kumahq/kuma/pull/5326) @lukidzi
+* fix(kuma-dp): tolerate endline in token file [#5591](https://github.com/kumahq/kuma/pull/5591) @lahabana
+* fix(kumactl): remove PodSecurityPolicy from install observability [#5382](https://github.com/kumahq/kuma/pull/5382) @michaelbeaumont
+* fix(kumactl): set klog to avoid logs from k8s [#5590](https://github.com/kumahq/kuma/pull/5590) @lahabana
+* fix(kumactl): use the same client in `kumactl apply` [#5327](https://github.com/kumahq/kuma/pull/5327) @lahabana
+* fix(policy): change percentage field from int to intOrString [#5810](https://github.com/kumahq/kuma/pull/5810) @lukidzi
+* fix(policy): fix schema.yaml to have correct metadata [#5349](https://github.com/kumahq/kuma/pull/5349) @lahabana
+* fix(policy): make targetRef required [#5593](https://github.com/kumahq/kuma/pull/5593) @AyushSenapati
+* fix(policy): remove superfluous var usage [#5627](https://github.com/kumahq/kuma/pull/5627) @AyushSenapati
+* fix(policy): use GatewayAPI style header modifier in all policies [#5757](https://github.com/kumahq/kuma/pull/5757) @lahabana
+* fix(policy): use PascalCase for all constants [#5747](https://github.com/kumahq/kuma/pull/5747) @lahabana
+* fix(universal): don't set sslsni option if not disabled (backport #5419) [#5439](https://github.com/kumahq/kuma/pull/5439) @mergify
+* fix(xds): don't read metadata in ProxyBuilders [#5414](https://github.com/kumahq/kuma/pull/5414) @lahabana
+* fix(xds): sort resources when building MeshContext [#5391](https://github.com/kumahq/kuma/pull/5391) @lobkovilya
+
+## 1.5.4
+> Released on 2023/01/12
+
+* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5602](https://github.com/kumahq/kuma/pull/5602) @mergify
+* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5659](https://github.com/kumahq/kuma/pull/5659) @mergify
+* chore(helm): remove duplicate keys in resources (backport #4681) [#5642](https://github.com/kumahq/kuma/pull/5642) @mergify
+* chore: remove
Apache license header from generated files (backport #5565) [#5622](https://github.com/kumahq/kuma/pull/5622) @mergify
+* chore: upgrade golang to 1.18.9 (backport #5607) [#5613](https://github.com/kumahq/kuma/pull/5613) @mergify
+* fix(kuma-cp): don't cache filtered data (backport #5574) [#5636](https://github.com/kumahq/kuma/pull/5636) @mergify
+
+## 2.0.2
+> Released on 2023/01/11
+
+* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5597](https://github.com/kumahq/kuma/pull/5597) @mergify
+* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5655](https://github.com/kumahq/kuma/pull/5655) @mergify
+* chore: remove Apache license header from generated files (backport #5565) [#5616](https://github.com/kumahq/kuma/pull/5616) @mergify
+* chore: upgrade golang to 1.18.9 (backport #5607) [#5609](https://github.com/kumahq/kuma/pull/5609) @mergify
+* fix(kuma-cp): don't cache filtered data (backport #5574) [#5632](https://github.com/kumahq/kuma/pull/5632) @mergify
+
+## 1.8.3
+> Released on 2023/01/11
+
+* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5598](https://github.com/kumahq/kuma/pull/5598) @mergify
+* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5656](https://github.com/kumahq/kuma/pull/5656) @mergify
+* chore: remove Apache license header from generated files (backport #5565) [#5617](https://github.com/kumahq/kuma/pull/5617) @mergify
+* chore: upgrade golang to 1.18.9 (backport #5607) [#5610](https://github.com/kumahq/kuma/pull/5610) @mergify
+* fix(kuma-cp): don't cache filtered data (backport #5574) [#5633](https://github.com/kumahq/kuma/pull/5633) @mergify
+
+## 1.7.4
+> Released on 2023/01/11
+
+* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5599](https://github.com/kumahq/kuma/pull/5599) @mergify
+* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5657](https://github.com/kumahq/kuma/pull/5657) @mergify
+* chore(helm): remove duplicate keys in resources (backport #4681)
[#5640](https://github.com/kumahq/kuma/pull/5640) @mergify
+* chore: remove Apache license header from generated files (backport #5565) [#5618](https://github.com/kumahq/kuma/pull/5618) @mergify
+* chore: upgrade golang to 1.18.9 (backport #5607) [#5611](https://github.com/kumahq/kuma/pull/5611) @mergify
+* fix(kuma-cp): don't cache filtered data (backport #5574) [#5634](https://github.com/kumahq/kuma/pull/5634) @mergify
+
+## 1.6.4
+> Released on 2023/01/11
+
+* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5601](https://github.com/kumahq/kuma/pull/5601) @mergify
+* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5658](https://github.com/kumahq/kuma/pull/5658) @mergify
+* chore(helm): remove duplicate keys in resources (backport #4681) [#5641](https://github.com/kumahq/kuma/pull/5641) @mergify
+* chore: remove Apache license header from generated files (backport #5565) [#5620](https://github.com/kumahq/kuma/pull/5620) @mergify
+* chore: upgrade golang to 1.18.9 (backport #5607) [#5612](https://github.com/kumahq/kuma/pull/5612) @mergify
+* fix(kuma-cp): don't cache filtered data (backport #5574) [#5635](https://github.com/kumahq/kuma/pull/5635) @mergify
+
+## 2.0.1
+> Released on 2022/12/05
+
+* chore: back-ports api base path fix [#5341](https://github.com/kumahq/kuma/pull/5341) @kleinfreund
+* feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) [#5392](https://github.com/kumahq/kuma/pull/5392) @mergify
+* fix(kuma-cp): add option to disable `sslsni` in universal (backport #5318) [#5322](https://github.com/kumahq/kuma/pull/5322) @mergify
+* fix(kuma-cp): change way of setting if resource is read only (backport #5345) [#5348](https://github.com/kumahq/kuma/pull/5348) @mergify
+* fix(kuma-cp): kds deadlock (backport #5373) [#5397](https://github.com/kumahq/kuma/pull/5397) @mergify
+* fix(kuma-cp): use sni to verify upstream certificate san when specified along with address (backport #5347)
[#5378](https://github.com/kumahq/kuma/pull/5378) @mergify
+* fix(xds): don't read metadata in ProxyBuilders (backport #5414) [#5416](https://github.com/kumahq/kuma/pull/5416) @mergify
+* fix: sort resources when building MeshContext (backport #5391) [#5409](https://github.com/kumahq/kuma/pull/5409) @mergify
+
+## 1.8.2
+> Released on 2022/12/05
+
+* feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) [#5393](https://github.com/kumahq/kuma/pull/5393) @mergify
+* fix(kuma-cp): kds deadlock (backport #5373) [#5398](https://github.com/kumahq/kuma/pull/5398) @mergify
+* fix: sort resources when building MeshContext (backport #5391) [#5410](https://github.com/kumahq/kuma/pull/5410) @mergify
+
+## 2.0.0
+> Released on 2022/11/04
+* chore(.github): remove old release workflow [#4836](https://github.com/kumahq/kuma/pull/4836) @lobkovilya
+* chore(api): remove DENY_WITH_SHADOW_ALLOW [#5220](https://github.com/kumahq/kuma/pull/5220) @lobkovilya
+* chore(api): remove unused method and types [#5148](https://github.com/kumahq/kuma/pull/5148) @lobkovilya
+* chore(api): remove unused timestamp.proto import [#4906](https://github.com/kumahq/kuma/pull/4906) @michaelbeaumont
+* chore(api): skip Compute when building inbound access logs [#5181](https://github.com/kumahq/kuma/pull/5181) @jakubdyszkiewicz
+* chore(bootstrap): improve validator policy bootstrap [#5014](https://github.com/kumahq/kuma/pull/5014) @lahabana
+* chore(deps): bump actions/setup-go from 2 to 3 [#5024](https://github.com/kumahq/kuma/pull/5024) @dependabot
+* chore(deps): bump cirello.io/pglock from 1.9.0 to 1.10.0 [#5239](https://github.com/kumahq/kuma/pull/5239) @dependabot
+* chore(deps): bump github.com/Masterminds/sprig to 3.2.2 [#5190](https://github.com/kumahq/kuma/pull/5190) @mmorel-35
+* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.7 to 0.6.13 [#5023](https://github.com/kumahq/kuma/pull/5023) [#5067](https://github.com/kumahq/kuma/pull/5067)
[#5131](https://github.com/kumahq/kuma/pull/5131) @dependabot
+* chore(deps): bump github.com/google/go-cmp from 0.5.8 to 0.5.9 [#4996](https://github.com/kumahq/kuma/pull/4996) @dependabot
+* chore(deps): bump github.com/gruntwork-io/terratest from 0.40.20 to 0.40.24 [#4969](https://github.com/kumahq/kuma/pull/4969) [#4993](https://github.com/kumahq/kuma/pull/4993) [#5162](https://github.com/kumahq/kuma/pull/5162) @dependabot
+* chore(deps): bump github.com/kumahq/kuma-net from 0.8.1 to 0.8.2 [#5188](https://github.com/kumahq/kuma/pull/5188) @dependabot
+* chore(deps): bump github.com/lib/pq from 1.10.6 to 1.10.7 [#4995](https://github.com/kumahq/kuma/pull/4995) @dependabot
+* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.4.0 [#4939](https://github.com/kumahq/kuma/pull/4939) [#4949](https://github.com/kumahq/kuma/pull/4949) [#5021](https://github.com/kumahq/kuma/pull/5021) [#5145](https://github.com/kumahq/kuma/pull/5145) [#5204](https://github.com/kumahq/kuma/pull/5204) @dependabot
+* chore(deps): bump github.com/onsi/gomega from 1.20.0 to 1.23.0 [#4933](https://github.com/kumahq/kuma/pull/4933) [#4970](https://github.com/kumahq/kuma/pull/4970) [#5133](https://github.com/kumahq/kuma/pull/5133) [#5146](https://github.com/kumahq/kuma/pull/5146) [#5240](https://github.com/kumahq/kuma/pull/5240) @dependabot
+* chore(deps): bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 [#5203](https://github.com/kumahq/kuma/pull/5203) @dependabot
+* chore(deps): bump github.com/prometheus/prometheus from 0.37.0 to 0.39.1 [#4887](https://github.com/kumahq/kuma/pull/4887) [#5134](https://github.com/kumahq/kuma/pull/5134) @dependabot
+* chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.1 [#5155](https://github.com/kumahq/kuma/pull/5155) [#5241](https://github.com/kumahq/kuma/pull/5241) @dependabot
+* chore(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 [#4994](https://github.com/kumahq/kuma/pull/4994) @dependabot
+* chore(deps): bump
github.com/testcontainers/testcontainers-go from 0.13.0 to 0.15.0 [#5020](https://github.com/kumahq/kuma/pull/5020) [#5205](https://github.com/kumahq/kuma/pull/5205) @dependabot
+* chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 [#4930](https://github.com/kumahq/kuma/pull/4930) @dependabot
+* chore(deps): bump golang.org/x/text from 0.3.7 to 0.4.0 [#5147](https://github.com/kumahq/kuma/pull/5147) [#5163](https://github.com/kumahq/kuma/pull/5163) @dependabot
+* chore(deps): bump google.golang.org/grpc from 1.48.0 to 1.50.1 [#4927](https://github.com/kumahq/kuma/pull/4927) [#5132](https://github.com/kumahq/kuma/pull/5132) [#5156](https://github.com/kumahq/kuma/pull/5156) @dependabot
+* chore(deps): bump k8s.io dependencies from 0.24.3 to 0.25.3 [#4934](https://github.com/kumahq/kuma/pull/4934) [#5026](https://github.com/kumahq/kuma/pull/5026) [#5153](https://github.com/kumahq/kuma/pull/5153) @michaelbeaumont
+* chore(deps): bump k8s.io/client-go from 0.25.1 to 0.25.2 [#5062](https://github.com/kumahq/kuma/pull/5062) @dependabot
+* chore(deps): bump kumahq/kuma-gui to f3dba73d4c264b094b6b351a8b44f2d5a0dc4ecb [#4842](https://github.com/kumahq/kuma/pull/4842) [#4925](https://github.com/kumahq/kuma/pull/4925) [#5092](https://github.com/kumahq/kuma/pull/5092) [#5106](https://github.com/kumahq/kuma/pull/5106) [#5109](https://github.com/kumahq/kuma/pull/5109) [#5139](https://github.com/kumahq/kuma/pull/5139) [#5141](https://github.com/kumahq/kuma/pull/5141) [#5167](https://github.com/kumahq/kuma/pull/5167) [#5179](https://github.com/kumahq/kuma/pull/5179) [#5197](https://github.com/kumahq/kuma/pull/5197) [#5214](https://github.com/kumahq/kuma/pull/5214) [#5232](https://github.com/kumahq/kuma/pull/5232) [#5234](https://github.com/kumahq/kuma/pull/5234) [#5248](https://github.com/kumahq/kuma/pull/5248) [#5251](https://github.com/kumahq/kuma/pull/5251) @kleinfreund,@kumahq
+* chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0
[#4968](https://github.com/kumahq/kuma/pull/4968) @dependabot
+* chore(deps): bump sigs.k8s.io/controller-tools from 0.9.2 to 0.10.0 [#5059](https://github.com/kumahq/kuma/pull/5059) @dependabot
+* chore(deps): update kuma-grafana-datasource [#4856](https://github.com/kumahq/kuma/pull/4856) @bartsmykla
+* chore(gateway): remove invalid options for MeshGatewayRoute [#4890](https://github.com/kumahq/kuma/pull/4890) @michaelbeaumont
+* chore(gui): removes update/gui command [#4954](https://github.com/kumahq/kuma/pull/4954) @kleinfreund
+* chore(helm): remove unused `critical-pod` annotation [#4952](https://github.com/kumahq/kuma/pull/4952) @michaelbeaumont
+* chore(helm): switch merbridge image registry to upstream [#4838](https://github.com/kumahq/kuma/pull/4838) @bartsmykla
+* chore(kuma-cp): adjust timeout in cp probes [#4983](https://github.com/kumahq/kuma/pull/4983) @jakubdyszkiewicz
+* chore(kuma-cp): config cleanup [#4855](https://github.com/kumahq/kuma/pull/4855) @jakubdyszkiewicz
+* chore(kuma-cp): improve logging in K8S controllers [#4982](https://github.com/kumahq/kuma/pull/4982) @jakubdyszkiewicz
+* chore(kuma-cp): improve test xds client [#4976](https://github.com/kumahq/kuma/pull/4976) @jakubdyszkiewicz
+* chore(kuma-cp): remove disabling metrics from kuma-cp.defaults [#4894](https://github.com/kumahq/kuma/pull/4894) @lahabana
+* chore(kuma-cp): resource manager wrapper [#5057](https://github.com/kumahq/kuma/pull/5057) @jakubdyszkiewicz
+* chore(kuma-init): use iptables-legacy in kuma-init [#5040](https://github.com/kumahq/kuma/pull/5040) @bartsmykla
+* chore(pkg/gc): don't rely on core.Now var for time [#4918](https://github.com/kumahq/kuma/pull/4918) @lahabana
+* chore(plugins): remove some unecessary interfaces and methods [#4997](https://github.com/kumahq/kuma/pull/4997) @lahabana
+* chore(proto): remove protos for new policies [#5218](https://github.com/kumahq/kuma/pull/5218) @lobkovilya
+* chore(test): added resource builder
[#5123](https://github.com/kumahq/kuma/pull/5123) [#5195](https://github.com/kumahq/kuma/pull/5195) @jakubdyszkiewicz
+* chore(test): added support for GRPC to test-server [#4904](https://github.com/kumahq/kuma/pull/4904) @lobkovilya
+* chore(test): make unit test compatible with IPV6 host [#5198](https://github.com/kumahq/kuma/pull/5198) @jakubdyszkiewicz
+* chore(xds): drop deprecated envoy.config.route.v3.HeaderMatcher.exact_match [#4953](https://github.com/kumahq/kuma/pull/4953) @michaelbeaumont
+* docs(MADR): new tracing policy proposal [#4938](https://github.com/kumahq/kuma/pull/4938) @michaelbeaumont
+* docs(MADR): update MADR 007 [#5129](https://github.com/kumahq/kuma/pull/5129) @lobkovilya
+* docs(gateway): explain the semantics of a PREFIX match [#5013](https://github.com/kumahq/kuma/pull/5013) @michaelbeaumont
+* docs(gateway): explain the semantics of a prefix rewrite to / [#5016](https://github.com/kumahq/kuma/pull/5016) @michaelbeaumont
+* docs(proto): fixed default serviceAddress and upgrade docs [#5236](https://github.com/kumahq/kuma/pull/5236) @lukidzi
+* docs(proto): rewrite dataplane proto docs [#5219](https://github.com/kumahq/kuma/pull/5219) @jakubdyszkiewicz
+* feat(ebpf): CNI uses libbpf CO:RE [#5233](https://github.com/kumahq/kuma/pull/5233) @lukidzi
+* feat(ebpf): refactor merbridge using libbpf with CO:RE [#5034](https://github.com/kumahq/kuma/pull/5034) @bartsmykla
+* feat(ebpf): transparent proxy with eBPF in init containers [#4919](https://github.com/kumahq/kuma/pull/4919) [#5046](https://github.com/kumahq/kuma/pull/5046) [#5066](https://github.com/kumahq/kuma/pull/5066) [#5095](https://github.com/kumahq/kuma/pull/5095) @bartsmykla
+* feat(gateway): add MeshGateway support to MeshAccessLog [#5101](https://github.com/kumahq/kuma/pull/5101) @michaelbeaumont
+* feat(gateway): add `crossMesh` to `MeshGatewayConfig` [#5183](https://github.com/kumahq/kuma/pull/5183) @michaelbeaumont
+* feat(gateway): add service-upstream annotation for
delegated nginx [#4913](https://github.com/kumahq/kuma/pull/4913) @michaelbeaumont
+* feat(gateway): install `kuma` `GatewayClass` if gateway API CRDs present [#5001](https://github.com/kumahq/kuma/pull/5001) @michaelbeaumont
+* feat(gateway): match new policies to MeshGateways [#5110](https://github.com/kumahq/kuma/pull/5110) @michaelbeaumont
+* feat(inspect): implement rule-based view for new policies [#5000](https://github.com/kumahq/kuma/pull/5000) [#5184](https://github.com/kumahq/kuma/pull/5184) [#5189](https://github.com/kumahq/kuma/pull/5189) [#5202](https://github.com/kumahq/kuma/pull/5202) @jakubdyszkiewicz,@lobkovilya
+* feat(kuma-cp): add flag to disable taint controller [#4852](https://github.com/kumahq/kuma/pull/4852) @jakubdyszkiewicz
+* feat(kuma-cp): add possibility to restrict TLS version and ciphers [#5186](https://github.com/kumahq/kuma/pull/5186) @lahabana
+* feat(kuma-cp): add possibility to run MADS on TLS [#5210](https://github.com/kumahq/kuma/pull/5210) @lahabana
+* feat(kuma-cp): add possibility to split datadog services based on traffic direction and destination [#5063](https://github.com/kumahq/kuma/pull/5063) @Automaat
+* feat(kuma-cp): added validation for backend name [#5081](https://github.com/kumahq/kuma/pull/5081) @Automaat
+* feat(kuma-cp): created default control plane user [#5064](https://github.com/kumahq/kuma/pull/5064) @jakubdyszkiewicz
+* feat(kuma-cp): extensible token issuers [#5083](https://github.com/kumahq/kuma/pull/5083) @jakubdyszkiewicz
+* feat(kuma-cp): move Mesh Cache to runtime [#5140](https://github.com/kumahq/kuma/pull/5140) @Automaat
+* feat(kuma-cp): universal resources schema validation [#5107](https://github.com/kumahq/kuma/pull/5107) @slonka
+* feat(kuma-cp): use zone token to auth zone ingress [#5103](https://github.com/kumahq/kuma/pull/5103) @jakubdyszkiewicz
+* feat(kuma-dp): publish metrics with text_readouts from envoy [#5159](https://github.com/kumahq/kuma/pull/5159) @Automaat
+* feat(kumactl): add
option to install with experimental transparent proxy [#4958](https://github.com/kumahq/kuma/pull/4958) @michaelbeaumont
+* feat(kumactl): use exclude ports for uids from kuma-net [#4975](https://github.com/kumahq/kuma/pull/4975) @slonka
+* feat(policy): Add MeshAccessLog policy [#4908](https://github.com/kumahq/kuma/pull/4908) [#4998](https://github.com/kumahq/kuma/pull/4998) [#5035](https://github.com/kumahq/kuma/pull/5035) [#5168](https://github.com/kumahq/kuma/pull/5168) [#5177](https://github.com/kumahq/kuma/pull/5177) @michaelbeaumont,@slonka
+* feat(policy): Add MeshTrace policy [#5069](https://github.com/kumahq/kuma/pull/5069) [#5085](https://github.com/kumahq/kuma/pull/5085) [#5243](https://github.com/kumahq/kuma/pull/5243) @michaelbeaumont,@slonka
+* feat(policy): Add MeshTrafficPermission policy [#4835](https://github.com/kumahq/kuma/pull/4835) [#5009](https://github.com/kumahq/kuma/pull/5009) [#5075](https://github.com/kumahq/kuma/pull/5075) @lobkovilya
+* feat(policy): add interfaces for policy plugins [#4909](https://github.com/kumahq/kuma/pull/4909) @lahabana
+* feat(policy): reimplemented matching for new policies [#4780](https://github.com/kumahq/kuma/pull/4780) [#4950](https://github.com/kumahq/kuma/pull/4950) [#4957](https://github.com/kumahq/kuma/pull/4957) [#4977](https://github.com/kumahq/kuma/pull/4977) [#5068](https://github.com/kumahq/kuma/pull/5068) [#5084](https://github.com/kumahq/kuma/pull/5084) [#5166](https://github.com/kumahq/kuma/pull/5166) [#5172](https://github.com/kumahq/kuma/pull/5172) [#5174](https://github.com/kumahq/kuma/pull/5174) @lahabana,@lobkovilya
+* feat(service-insights): add external service in api [#5119](https://github.com/kumahq/kuma/pull/5119) @lahabana
+* fix(.github): links in PR template [#4905](https://github.com/kumahq/kuma/pull/4905) @michaelbeaumont
+* fix(.github): use github app in pr-comment action [#5164](https://github.com/kumahq/kuma/pull/5164) @lahabana
+* fix(api): nil dereference in MeshAccessLog
configurer [#5258](https://github.com/kumahq/kuma/pull/5258) @lobkovilya
+* fix(cni): add empty registry to experimental cni [#4847](https://github.com/kumahq/kuma/pull/4847) @slonka
+* fix(cni): hook up log level to cni [#4849](https://github.com/kumahq/kuma/pull/4849) @slonka
+* fix(cni): make cni logs available via kubectl logs [#4845](https://github.com/kumahq/kuma/pull/4845) @slonka
+* fix(cni): retry loading images [#4860](https://github.com/kumahq/kuma/pull/4860) @slonka
+* fix(docs): fixed location of developer tools in DEVELOPER.md docs [#4988](https://github.com/kumahq/kuma/pull/4988) @Automaat
+* fix(gateway): add support for retryOn [#5091](https://github.com/kumahq/kuma/pull/5091) @lahabana
+* fix(gateway): cross-mesh gateways with same service [#5247](https://github.com/kumahq/kuma/pull/5247) @michaelbeaumont
+* fix(gateway): don't create invalid envoy config when routes and listeners don't match [#4837](https://github.com/kumahq/kuma/pull/4837) @michaelbeaumont
+* fix(gateway): route URL prefix rewriting [#5006](https://github.com/kumahq/kuma/pull/5006) @michaelbeaumont
+* fix(gateway): skip ExternalService if none match [#5207](https://github.com/kumahq/kuma/pull/5207) @michaelbeaumont
+* fix(gateway): sort routes [#5007](https://github.com/kumahq/kuma/pull/5007) @michaelbeaumont
+* fix(gatewayapi): don't NPE if the `GatewayClass` ref doesn't exist [#5187](https://github.com/kumahq/kuma/pull/5187) @michaelbeaumont
+* fix(gatewayapi): reconcile Gateways and HTTPRoutes on ReferenceGrant changes [#4944](https://github.com/kumahq/kuma/pull/4944) @michaelbeaumont
+* fix(gatewayapi): update gateway-api and fix failing RouteKind tests [#5175](https://github.com/kumahq/kuma/pull/5175) @michaelbeaumont
+* fix(helm): customize location of kuma-init repository for ebpf cleanup [#5230](https://github.com/kumahq/kuma/pull/5230) @lukidzi
+* fix(helm): use `podAnnotations` everywhere possible [#4991](https://github.com/kumahq/kuma/pull/4991) @lahabana
+*
fix(kuma-cp): collapsed grafana dashboards [#4839](https://github.com/kumahq/kuma/pull/4839) @jakubdyszkiewicz
+* fix(kuma-cp): deep copy tags when gen. outbounds [#5070](https://github.com/kumahq/kuma/pull/5070) @bartsmykla
+* fix(kuma-cp): disable statsForAllMethods in grpc stats [#5226](https://github.com/kumahq/kuma/pull/5226) @jakubdyszkiewicz
+* fix(kuma-cp): do not override source address when TP is not enabled [#4951](https://github.com/kumahq/kuma/pull/4951) @lukidzi
+* fix(kuma-cp): multiple external services pointing to same address [#5185](https://github.com/kumahq/kuma/pull/5185) @slonka
+* fix(kuma-cp): override grafana plugin files by default [#5208](https://github.com/kumahq/kuma/pull/5208) @slonka
+* fix(kuma-cp): reissue admin tls cert on dp address change [#5222](https://github.com/kumahq/kuma/pull/5222) @jakubdyszkiewicz
+* fix(kuma-cp): remove Dataplane for Pod without IP [#4964](https://github.com/kumahq/kuma/pull/4964) @jakubdyszkiewicz
+* fix(kuma-cp): return content type of inspect endpoints [#4965](https://github.com/kumahq/kuma/pull/4965) @jakubdyszkiewicz
+* fix(kuma-dp): resilient TCP access log streamer [#4862](https://github.com/kumahq/kuma/pull/4862) @jakubdyszkiewicz
+* fix(kumactl): get APIVersions from k8s server [#5182](https://github.com/kumahq/kuma/pull/5182) @michaelbeaumont
+* fix(tools): add 'v' prefix to preview version format [#5004](https://github.com/kumahq/kuma/pull/5004) @michaelbeaumont
+* fix(tools): support both GitHub app tokens and PATs [#4869](https://github.com/kumahq/kuma/pull/4869) @michaelbeaumont
+* perf(kuma-cp): avoid rebuilding endpoint map [#4974](https://github.com/kumahq/kuma/pull/4974) @jakubdyszkiewicz
+* refactor(kuma-dp): add xds authentication customization [#4990](https://github.com/kumahq/kuma/pull/4990) @michaelbeaumont
+
+## 1.8.1
+> Released on 2022/10/07
+* fix(tools): support both GitHub app tokens and PATs (backport #4869) by @mergify in https://github.com/kumahq/kuma/pull/4872
+*
fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/4980
+* fix(*): do not override source address when TP is not enabled (backport #4951) by @mergify in https://github.com/kumahq/kuma/pull/4961
+* fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5071
+* fix(gateway): add support for retryOn (backport #5091) by @mergify in https://github.com/kumahq/kuma/pull/5098
+
+## 1.7.2
+> Released on 2022/10/06
+* fix(helm): always run Helm version update by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4604
+* chore(helm): update to 1.7.1 by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4603
+* Revert "fix(helm): always run Helm version update (#4604)" by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4609
+* fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5072
+* fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5096
+
+
+## 1.6.2
+> Released on 2022/10/06
+* fix(core): validate both old and new objects on Update (backport #4589) by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4593
+* fix(kuma-cp): deep copy tags when gen.
outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5090
+* fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5097
+
+
+## 1.8.0
+> Released on 2022/08/22
+
+### New features:
+
+CNI v2 with lots of improvements:
+
+* taint controller to prevent race condition [#4650](https://github.com/kumahq/kuma/pull/4650) @slonka
+* all logs are easily accessible via `kubectl logs` command which greatly simplifies observability [#4845](https://github.com/kumahq/kuma/pull/4845) @slonka
+* it uses new transparent engine implemented in kuma-net [#4481](https://github.com/kumahq/kuma/pull/4481) @slonka
+
+URL rewrite in Builtin Gateway:
+
+* support URL rewriting [#4638](https://github.com/kumahq/kuma/pull/4638) @michaelbeaumont
+
+Stats and Clusters in the GUI:
+
+* execute stats and clusters from the control plane [#4557](https://github.com/kumahq/kuma/pull/4557) [#333](https://github.com/kumahq/kuma-gui/pull/333) @jakubdyszkiewicz
+
+Extra `retryOn` options for Retry:
+
+* add extra http retryOn options [#4744](https://github.com/kumahq/kuma/pull/4744) @johnharris85
+
+Better support for TCP logging:
+
+* resilient tcp TCP access log streamer [#4511](https://github.com/kumahq/kuma/pull/4511) @parkanzky [#4862](https://github.com/kumahq/kuma/pull/4862) @jakubdyszkiewicz
+
+Filtering Envoy metrics:
+
+* added option to define filter for Envoy metrics [#4503](https://github.com/kumahq/kuma/pull/4503) @lukidzi
+
+Projected service account token:
+
+* support for projected service account token [#4453](https://github.com/kumahq/kuma/pull/4453) @lukidzi
+
+### Fixes:
+
+#### Helm:
+
+* remove duplicate keys in resources [#4681](https://github.com/kumahq/kuma/pull/4681) @michaelbeaumont
+* add containersecuritycontext to CNI daemonset [#4677](https://github.com/kumahq/kuma/pull/4677) @jakubdyszkiewicz
+* fix extraConfigMap and cp labels [#4531](https://github.com/kumahq/kuma/pull/4531)
@lahabana
+* use image.global.registry for imageExperimental [#4641](https://github.com/kumahq/kuma/pull/4641) @jakubdyszkiewicz
+
+#### Gateway:
+
+* `ListenerReason` for unresolved certificate refs, enable ReferenceGrant conformance tests [#4806](https://github.com/kumahq/kuma/pull/4806) @michaelbeaumont
+* check hostname intersection between HTTPRoute and Gateway listener [#4537](https://github.com/kumahq/kuma/pull/4537) @michaelbeaumont
+* create MeshGatewayInstance in same Mesh as Gateway [#4794](https://github.com/kumahq/kuma/pull/4794) @michaelbeaumont
+* don't create invalid envoy config when routes and listeners don't match (backport #4837) [#4841](https://github.com/kumahq/kuma/pull/4841) @mergify
+* hostname intersections, use new RouteReasons [#4544](https://github.com/kumahq/kuma/pull/4544) @michaelbeaumont
+* improve HTTPRoute statuses with unresolved BackendRefs [#4635](https://github.com/kumahq/kuma/pull/4635) @michaelbeaumont
+* npe without any timeout [#4548](https://github.com/kumahq/kuma/pull/4548) @michaelbeaumont
+* rbac permissions for ReferenceGrant [#4628](https://github.com/kumahq/kuma/pull/4628) @michaelbeaumont
+* workaround label value max length with hash [#4545](https://github.com/kumahq/kuma/pull/4545) @michaelbeaumont
+
+#### Control Plane:
+
+* check if kuma annotation or label is set but ignore value [#4731](https://github.com/kumahq/kuma/pull/4731) @lukidzi
+* delete an empty TimeoutConfigurer [#4554](https://github.com/kumahq/kuma/pull/4554) @lobkovilya
+* do not modify external service tags [#4591](https://github.com/kumahq/kuma/pull/4591) @jakubdyszkiewicz
+* don't deploy Pod/Service webhooks in global [#4673](https://github.com/kumahq/kuma/pull/4673) @michaelbeaumont
+* don't fail generation if other mesh CAs are misconfigured [#4501](https://github.com/kumahq/kuma/pull/4501) @michaelbeaumont
+* external service datasource validation [#4652](https://github.com/kumahq/kuma/pull/4652) @jakubdyszkiewicz
+* fix builtdns
annotations for kubernetes [#4660](https://github.com/kumahq/kuma/pull/4660) @lahabana
+* generate cluster name hash based on tags not config [#4598](https://github.com/kumahq/kuma/pull/4598) @lukidzi
+* grant delete Pods in kuma-system namespace to control plane [#4571](https://github.com/kumahq/kuma/pull/4571) @michaelbeaumont
+* localhost exposed application shouldn't be reachable [#4750](https://github.com/kumahq/kuma/pull/4750) @lukidzi
+* make options for policies simpler [#4722](https://github.com/kumahq/kuma/pull/4722) @lahabana
+* protect sort from empty locality [#4820](https://github.com/kumahq/kuma/pull/4820) @jakubdyszkiewicz
+* registering dp on reconnect [#4647](https://github.com/kumahq/kuma/pull/4647) @jakubdyszkiewicz
+* support GC service account [#4483](https://github.com/kumahq/kuma/pull/4483) @lobkovilya
+* validate both old and new objects on Update [#4589](https://github.com/kumahq/kuma/pull/4589) @michaelbeaumont
+* validation error with user tokens [#4507](https://github.com/kumahq/kuma/pull/4507) @jakubdyszkiewicz
+
+#### Data Plane:
+
+* access log path on windows when cp is on linux [#4518](https://github.com/kumahq/kuma/pull/4518) @jakubdyszkiewicz
+* fix multi OS build of accesslogs [#4767](https://github.com/kumahq/kuma/pull/4767) @lahabana
+* have envoy version check always work [#4564](https://github.com/kumahq/kuma/pull/4564) @lahabana
+* propagate context for metrics aggregate [#4640](https://github.com/kumahq/kuma/pull/4640) @lukidzi
+* set prometheus content-type when returning metrics [#4706](https://github.com/kumahq/kuma/pull/4706) @lukidzi
+
+### Other:
+
+* add operations now create non-existent path elements [#4595](https://github.com/kumahq/kuma/pull/4595) @michaelbeaumont
+
+#### Docs:
+
+* new policy matching proposal [#4474](https://github.com/kumahq/kuma/pull/4474) @lobkovilya
+
+#### Other changes:
+
+##### Gateway:
+
+* mention mesh name in gateway instance status [#4678](https://github.com/kumahq/kuma/pull/4678)
@lahabana
+* add listener connection limits [#4755](https://github.com/kumahq/kuma/pull/4755) @michaelbeaumont
+* add loadBalancerIP to MeshGatewayInstance [#4519](https://github.com/kumahq/kuma/pull/4519) @michaelbeaumont
+* allow MeshGateway Dataplane Pods to bind privileged ports [#4535](https://github.com/kumahq/kuma/pull/4535) @michaelbeaumont
+* configure overload_manager based on max memory [#4694](https://github.com/kumahq/kuma/pull/4694) @michaelbeaumont
+* multi-zone cross-mesh MeshGateway [#4443](https://github.com/kumahq/kuma/pull/4443) @michaelbeaumont
+* propagate x-kuma-tags from MeshGateways [#4476](https://github.com/kumahq/kuma/pull/4476) @michaelbeaumont
+* send default static payload for empty gateway [#4617](https://github.com/kumahq/kuma/pull/4617) @tharun208
+* set `path_with_escaped_slashes_action` [#4719](https://github.com/kumahq/kuma/pull/4719) @michaelbeaumont
+* set cluster HTTP2 stream and connection window size [#4779](https://github.com/kumahq/kuma/pull/4779) @michaelbeaumont
+* set cluster per_connection_buffer_limit_bytes [#4696](https://github.com/kumahq/kuma/pull/4696) @michaelbeaumont
+* set global_downstream_max_connections to 50000 [#4724](https://github.com/kumahq/kuma/pull/4724) @michaelbeaumont
+* update to Gateway API v0.5.0, support v1beta1 resources [#4599](https://github.com/kumahq/kuma/pull/4599) @michaelbeaumont
+* validate listeners for collapsibility [#4765](https://github.com/kumahq/kuma/pull/4765) @michaelbeaumont
+* add MeshGateway dashboard [#4555](https://github.com/kumahq/kuma/pull/4555) @michaelbeaumont
+
+##### Control Plane:
+
+* config cleanup (backport #4855) [#4857](https://github.com/kumahq/kuma/pull/4857) @mergify
+* don't set deprecated dns_resolver_config [#4702](https://github.com/kumahq/kuma/pull/4702) @michaelbeaumont
+* don't set deprecated known_suffixes [#4701](https://github.com/kumahq/kuma/pull/4701) @michaelbeaumont
+* remove deprecated Cluster.Http2ProtocolOptions
[#4528](https://github.com/kumahq/kuma/pull/4528) @michaelbeaumont
+* remove versions_ws [#4512](https://github.com/kumahq/kuma/pull/4512) @lahabana
+* replace deprecated admin_access_log_path [#4552](https://github.com/kumahq/kuma/pull/4552) @lahabana
+* add /policies endpoint to list all registered policies [#4708](https://github.com/kumahq/kuma/pull/4708) @lahabana
+* authenticate DP every time [#4685](https://github.com/kumahq/kuma/pull/4685) @jakubdyszkiewicz
+* enrich policies endpoint [#4791](https://github.com/kumahq/kuma/pull/4791) @jakubdyszkiewicz
+* identify gateway service by deployment [#4703](https://github.com/kumahq/kuma/pull/4703) @parkanzky
+* separate CA for Envoy Admin communication [#4676](https://github.com/kumahq/kuma/pull/4676) @jakubdyszkiewicz
+* use remote address for Gateway [#4530](https://github.com/kumahq/kuma/pull/4530) @jakubdyszkiewicz
+* add operations now create non-existent path elements [#4595](https://github.com/kumahq/kuma/pull/4595) @michaelbeaumont
+
+##### Data Plane:
+
+* remove envoy admin port flag [#4574](https://github.com/kumahq/kuma/pull/4574) @tharun208
+* detect memory limit only on linux [#4715](https://github.com/kumahq/kuma/pull/4715) @jakubdyszkiewicz
+
+##### kumactl:
+
+* add a limit to the prom TSDB size [#4651](https://github.com/kumahq/kuma/pull/4651) @lahabana
+* remove old flags in install tp [#4760](https://github.com/kumahq/kuma/pull/4760) @lahabana
+* add MeshGateway to `install demo` [#4679](https://github.com/kumahq/kuma/pull/4679) @michaelbeaumont
+* add install control-plane --registry flag [#4533](https://github.com/kumahq/kuma/pull/4533) @michaelbeaumont
+
+##### Documentation:
+
+* create MADR for MeshTrafficPermission [#4666](https://github.com/kumahq/kuma/pull/4666) @lobkovilya
+* new policy matching proposal [#4474](https://github.com/kumahq/kuma/pull/4474) @lobkovilya
+* policy matching, replace 'conf' with 'default' [#4693](https://github.com/kumahq/kuma/pull/4693) @lobkovilya
+
+#####
CNI:
+
+* add cni ebpf plugin [#4810](https://github.com/kumahq/kuma/pull/4810) @bartsmykla
+* implement the cni plugin [#4481](https://github.com/kumahq/kuma/pull/4481) @slonka [#4618](https://github.com/kumahq/kuma/pull/4618) @slonka [#4613](https://github.com/kumahq/kuma/pull/4613) @slonka [#4850](https://github.com/kumahq/kuma/pull/4850) @mergify [#4642](https://github.com/kumahq/kuma/pull/4642) @slonka [#4788](https://github.com/kumahq/kuma/pull/4788) @slonka [#4858](https://github.com/kumahq/kuma/pull/4858) @mergify [#4826](https://github.com/kumahq/kuma/pull/4826) @slonka [#4695](https://github.com/kumahq/kuma/pull/4695) @slonka [#4846](https://github.com/kumahq/kuma/pull/4846) @mergify
+* taint controller [#4852](https://github.com/kumahq/kuma/pull/4852) @jakubdyszkiewicz
+* use our cni with calico [#4801](https://github.com/kumahq/kuma/pull/4801) @slonka
+
+### Dependency updates:
+
+* update demo to latest version [#4572](https://github.com/kumahq/kuma/pull/4572) @lahabana
+* update Kuma GUI [#4815](https://github.com/kumahq/kuma/pull/4815) @kleinfreund [#4723](https://github.com/kumahq/kuma/pull/4723) @lahabana
+* use github.com/emicklei/go-restful/v3 [#4665](https://github.com/kumahq/kuma/pull/4665) @mmorel-35
+* bump alpine from 3.16.0 to 3.16.2 in /tools/releases/dockerfiles [#4670](https://github.com/kumahq/kuma/pull/4670) [#4827](https://github.com/kumahq/kuma/pull/4827) @dependabot
+* bump github.com/containerd/cgroups from 1.0.3 to 1.0.4 [#4717](https://github.com/kumahq/kuma/pull/4717) @dependabot
+* bump github.com/containernetworking/cni from 0.8.1 to 1.1.2 [#4632](https://github.com/kumahq/kuma/pull/4632) [#4716](https://github.com/kumahq/kuma/pull/4716) @dependabot
+* bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 [#4499](https://github.com/kumahq/kuma/pull/4499) @dependabot
+* bump github.com/golang-migrate/migrate/v4 from 4.15.0 to 4.15.2 [#4672](https://github.com/kumahq/kuma/pull/4672) @dependabot
+* bump
github.com/gruntwork-io/terratest from 0.40.15 to 0.40.20 [#4469](https://github.com/kumahq/kuma/pull/4469) [#4480](https://github.com/kumahq/kuma/pull/4480) @dependabot
+* bump github.com/miekg/dns from 1.1.49 to 1.1.50 [#4492](https://github.com/kumahq/kuma/pull/4492) @dependabot
+* bump github.com/onsi/gomega from 1.19.0 to 1.20.0 [#4671](https://github.com/kumahq/kuma/pull/4671) @dependabot
+* bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 [#4783](https://github.com/kumahq/kuma/pull/4783) @dependabot
+* bump github.com/prometheus/common from 0.34.0 to 0.37.0 [#4489](https://github.com/kumahq/kuma/pull/4489) [#4627](https://github.com/kumahq/kuma/pull/4627) @dependabot
+* bump github.com/spf13/cobra from 1.4.0 to 1.5.0 [#4491](https://github.com/kumahq/kuma/pull/4491) @dependabot
+* bump go.uber.org/zap from 1.21.0 to 1.22.0 [#4829](https://github.com/kumahq/kuma/pull/4829) @dependabot
+* bump google.golang.org/grpc from 1.47.0 to 1.48.0 [#4631](https://github.com/kumahq/kuma/pull/4631) @dependabot
+* bump google.golang.org/protobuf from 1.28.0 to 1.28.1 [#4718](https://github.com/kumahq/kuma/pull/4718) @dependabot
+* bump k8s.io/apiextensions-apiserver from 0.24.0 to 0.24.3 [#4493](https://github.com/kumahq/kuma/pull/4493) [#4624](https://github.com/kumahq/kuma/pull/4624) @dependabot
+* bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.3 [#4498](https://github.com/kumahq/kuma/pull/4498) [#4581](https://github.com/kumahq/kuma/pull/4581) @dependabot
+* bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2 [#4549](https://github.com/kumahq/kuma/pull/4549) @dependabot
+
+## 1.7.1
+> Released on 2022/07/13
+
+### Fixes
+
+#### Gateway
+
+* Nil pinter exception without any timeout (#4550)
+* Use remote address for Gateway (#4538)
+
+#### kumactl
+
+* Update demo to latest version (#4587)
+
+#### Control plane
+
+* Grant delete Pods in kuma-system namespace to control plane (#4575)
+* Don't fail generation if other mesh CAs are misconfigured
(#4517)
+* Don't override timeout values for ExternalServices (#4568)
+
+#### Data plane proxy
+
+* Access log path on windows when cp is on linux (#4518)
+
+#### Helm
+
+* Fix extraConfigMap and cp labels (#4541)
+
+#### General
+
+* Avoid `-` in version of the binaries (#4527)
+
+## 1.7.0
+> Released on 2022/06/13
+
+### New features:
+
+Cross Mesh Communication:
+* add cross-mesh `MeshGateway` listeners [#4274](https://github.com/kumahq/kuma/pull/4274)[#4405](https://github.com/kumahq/kuma/pull/4405) @michaelbeaumont
+
+ContainerPatch:
+* allow custom configuration of Kubernetes' `kuma-init` and `kuma-sidecar` containers by introducing `ContainerPatch` CRD [#4280](https://github.com/kumahq/kuma/pull/4280) [#4362](https://github.com/kumahq/kuma/pull/4362) / [#4366](https://github.com/kumahq/kuma/pull/4366) [#4369](https://github.com/kumahq/kuma/pull/4369) / [#4370](https://github.com/kumahq/kuma/pull/4370) @parkanzky, @bartsmykla
+
+Observability:
+* hijack application metrics to enable scraping metrics from mTLSed applications without prometheus in the mesh [#4286](https://github.com/kumahq/kuma/pull/4286) [#4388](https://github.com/kumahq/kuma/pull/4388)/[#4406](https://github.com/kumahq/kuma/pull/4406) @lukidzi
+* unified installation of `metrics/logging/tracing` into one command `observability` [#4308](https://github.com/kumahq/kuma/pull/4308) [#4411](https://github.com/kumahq/kuma/pull/4411)/[#4418](https://github.com/kumahq/kuma/pull/4418) @lukidzi, @lahabana
+
+ARM64 support:
+* added arm build and release pipeline [#4231](https://github.com/kumahq/kuma/pull/4231) @lukidzi
+* release for arm64 now publish correct arch image [#4276](https://github.com/kumahq/kuma/pull/4276) @lukidzi
+* upgrade kubectl to version with ARM support [#4180](https://github.com/kumahq/kuma/pull/4180) @lukidzi
+* support ARM Linux/Darwin for dev/tools [#4199](https://github.com/kumahq/kuma/pull/4199) @lukidzi
+* introduced map of arch for a specific build
[#4321](https://github.com/kumahq/kuma/pull/4321) @lukidzi
+* do not exclude arm64 files from docker [#4265](https://github.com/kumahq/kuma/pull/4265) @lukidzi
+
+Gateway:
+* add `GatewayClass.Spec.ParametersRef` support [#4157](https://github.com/kumahq/kuma/pull/4157) @michaelbeaumont
+* cp annotations from gateway to svc [#4327](https://github.com/kumahq/kuma/pull/4327) @johnharris85
+* only reconcile Gateway when GatewayClass is Ready [#4162](https://github.com/kumahq/kuma/pull/4162) @michaelbeaumont
+* auto generate hostname for crossMesh listeners [#4421](https://github.com/kumahq/kuma/pull/4421)/[#4424](https://github.com/kumahq/kuma/pull/4424) @michaelbeaumont
+
+Helm:
+* set host network var in helm/cp-deployment.yaml [#4209](https://github.com/kumahq/kuma/pull/4209) @SallyBlichWalkMe
+* add resource management for jobs [#4254](https://github.com/kumahq/kuma/pull/4254) @gdasson
+* option for automountSAT=false on cp [#4309](https://github.com/kumahq/kuma/pull/4309) @gdasson
+* helm chart improvements [#4337](https://github.com/kumahq/kuma/pull/4337) @bartsmykla
+
+CP:
+* experimental transparent proxy annotation [#4240](https://github.com/kumahq/kuma/pull/4240) @parkanzky
+* graceful shutdown on Universal using HDS [#4246](https://github.com/kumahq/kuma/pull/4246) @jakubdyszkiewicz
+* intercept signal for different platforms [#4283](https://github.com/kumahq/kuma/pull/4283) @jakubdyszkiewicz
+* XDS config dump on Global CP [#4301](https://github.com/kumahq/kuma/pull/4301) @jakubdyszkiewicz
+* validate DP compat on kuma backend [#4236](https://github.com/kumahq/kuma/pull/4236) @parkanzky
+
+DP:
+* graceful shutdown of kuma-dp [#4229](https://github.com/kumahq/kuma/pull/4229) @jakubdyszkiewicz
+
+### Fixes:
+
+Gateway:
+* use MeshGatewayInstance mesh annotation when matching [#4361](https://github.com/kumahq/kuma/pull/4361)/[#4371](https://github.com/kumahq/kuma/pull/4371) @michaelbeaumont
+
+Helm:
+* remove replica from cp-deployment.yaml when autoscaling
enabled [#4447](https://github.com/kumahq/kuma/pull/4447)/[#4454](https://github.com/kumahq/kuma/pull/4454) @gustoliv
+
+CP:
+* fix '/config_dump' request if Global CP is on Kubernetes [#4363](https://github.com/kumahq/kuma/pull/4363)/[#4372](https://github.com/kumahq/kuma/pull/4372) @lobkovilya
+* add the latest version to compatibility matrix [#4232](https://github.com/kumahq/kuma/pull/4232) @parkanzky
+
+DP:
+* clarify error log message when kuma-dp is wrongly connecting to global-cp [#4269](https://github.com/kumahq/kuma/pull/4269) @slonka
+
+Kumactl:
+* fix transparent proxy --skip-conntrack-zone-split flag value [#4334](https://github.com/kumahq/kuma/pull/4334) @bartsmykla
+
+### Other notable changes:
+
+Gateway:
+* add /finalizers permission for OwnerReferencesPermissionEnforcement plugin [#4239](https://github.com/kumahq/kuma/pull/4239) @michaelbeaumont
+* don't match on ALPN in gateway (#4198) [#4272](https://github.com/kumahq/kuma/pull/4272) @wjrbetts
+
+Helm:
+* delete 'kubernetes.io/arch' node selector [#4335](https://github.com/kumahq/kuma/pull/4335) @lobkovilya
+
+CP:
+* don't always recompute mesh contexts [#4267](https://github.com/kumahq/kuma/pull/4267) @michaelbeaumont
+* don't run dataplane gc in global [#4184](https://github.com/kumahq/kuma/pull/4184) @lahabana
+* graceful components [#4277](https://github.com/kumahq/kuma/pull/4277) @jakubdyszkiewicz
+* memory store cannot delete a parent [#4194](https://github.com/kumahq/kuma/pull/4194) @jakubdyszkiewicz
+* protocol check should be case-insensitive [#4248](https://github.com/kumahq/kuma/pull/4248) @lukidzi
+* remove dns server from control plane [#4192](https://github.com/kumahq/kuma/pull/4192) @lahabana
+* automatically detect dns lookup family for cp cluster [#4275](https://github.com/kumahq/kuma/pull/4275) @slonka
+
+ZoneIngress:
+* graceful start of many ZoneIngresses [#4305](https://github.com/kumahq/kuma/pull/4305) @jakubdyszkiewicz
+
+ZoneEgress:
+* resolve zone-ingress advertized
address [#4219](https://github.com/kumahq/kuma/pull/4219) @lahabana
+* do not change ip to ZoneEgress address [#4193](https://github.com/kumahq/kuma/pull/4193) @lukidzi
+
+Kumactl:
+* remove flag '--experimental-meshgateway' [#4315](https://github.com/kumahq/kuma/pull/4315) @lobkovilya
+
+Timeout Policy:
+* deprecate 'timeout.grpc' section [#4365](https://github.com/kumahq/kuma/pull/4365)/[#4449](https://github.com/kumahq/kuma/pull/4449) @lobkovilya
+
+Other:
+* delete dns-server 5653 port from configuration and helm files [#4339](https://github.com/kumahq/kuma/pull/4339)/[#4345](https://github.com/kumahq/kuma/pull/4345) @lobkovilya
+* support kube-linter tools to analyze Kubernetes YAML files [#4294](https://github.com/kumahq/kuma/pull/4294) @mangoGoForward
+
+### Dependency upgrades:
+
+* upgrade envoy to 1.22.1 [#4288](https://github.com/kumahq/kuma/pull/4288) [#4464](https://github.com/kumahq/kuma/pull/4464)/[#4465](https://github.com/kumahq/kuma/pull/4465) @lobkovilya
+* upgrade kuma-cni to 0.0.10 [#4313](https://github.com/kumahq/kuma/pull/4313) @lobkovilya
+* upgrade tproxy iptables to v0.2.2 [#4328](https://github.com/kumahq/kuma/pull/4328) @bartsmykla
+* upgrade GUI to the latest version [#4316](https://github.com/kumahq/kuma/pull/4316) [#4338](https://github.com/kumahq/kuma/pull/4338) [#4389](https://github.com/kumahq/kuma/pull/4389)/[#4390](https://github.com/kumahq/kuma/pull/4390) @jakubdyszkiewicz, @lahabana, @bartsmykla
+* upgrade protoc and regenerate files [#4169](https://github.com/kumahq/kuma/pull/4169) @lukidzi
+* bump github.com/golang-migrate/migrate/v4 from 4.15.1 to 4.15.2 [#4234](https://github.com/kumahq/kuma/pull/4234) @dependabot
+* bump github.com/gruntwork-io/terratest from 0.40.6 to 0.40.10 [#4178](https://github.com/kumahq/kuma/pull/4178) [#4260](https://github.com/kumahq/kuma/pull/4260) [#4322](https://github.com/kumahq/kuma/pull/4322) @dependabot
+* bump github.com/lib/pq from 1.10.5 to 1.10.6
[#4299](https://github.com/kumahq/kuma/pull/4299) @dependabot
+* bump github.com/miekg/dns from 1.1.48 to 1.1.49 [#4291](https://github.com/kumahq/kuma/pull/4291) @dependabot
+* bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 [#4233](https://github.com/kumahq/kuma/pull/4233) @dependabot
+* bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 [#4290](https://github.com/kumahq/kuma/pull/4290) @dependabot
+* bump github.com/prometheus/common from 0.33.0 to 0.34.0 [#4235](https://github.com/kumahq/kuma/pull/4235) @dependabot
+* bump github.com/spf13/viper from 1.10.0 to 1.11.0 [#4177](https://github.com/kumahq/kuma/pull/4177) @dependabot
+* bump google.golang.org/grpc from 1.45.0 to 1.46.2 [#4213](https://github.com/kumahq/kuma/pull/4213) [#4289](https://github.com/kumahq/kuma/pull/4289) @dependabot
+* bump k8s.io/apiextensions-apiserver from 0.23.5 to 0.24.0 [#4216](https://github.com/kumahq/kuma/pull/4216) @dependabot [#4302](https://github.com/kumahq/kuma/pull/4302)/[#4378](https://github.com/kumahq/kuma/pull/4378)
+* bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.1 [#4302](https://github.com/kumahq/kuma/pull/4302)/[#4378](https://github.com/kumahq/kuma/pull/4378) @dependabot
+
+### Other:
+
+* automate policy generation [#4197](https://github.com/kumahq/kuma/pull/4197) @lobkovilya
+
+## 1.6.1
+> Released on 2022/06/10
+
+### Fixes:
+
+CP:
+* do not change ip to ZoneEgress address (backport #4193) [#4195](https://github.com/kumahq/kuma/pull/4195)
+* memory store cannot delete a parent (backport #4194) [#4196](https://github.com/kumahq/kuma/pull/4196)
+
+### Dependency upgrades:
+
+* upgrade envoy to 1.21.3 [#4457](https://github.com/kumahq/kuma/pull/4457) @lobkovilya
+
+## 1.5.2
+> Released on 2022/06/10
+
+### Dependency upgrades:
+
+* upgrade envoy to 1.21.3 [#4456](https://github.com/kumahq/kuma/pull/4456) @lobkovilya
+
+## 1.6.0
+> Released on 2022/04/11
+
+
+### New features:
+
+Gateway:
+* release K8s GatewayAPI as preview
[4072](https://github.com/kumahq/kuma/pull/4072) [4022](https://github.com/kumahq/kuma/pull/4022) [4045](https://github.com/kumahq/kuma/pull/4045) [4014](https://github.com/kumahq/kuma/pull/4014) [3956](https://github.com/kumahq/kuma/pull/3956) @jakubdyszkiewicz,@michaelbeaumont
+* use MeshGatewayInstance name for generated objects [4097](https://github.com/kumahq/kuma/pull/4097) @michaelbeaumont
+
+Inspect api:
+* add gateways to policy inspect [4125](https://github.com/kumahq/kuma/pull/4125) [4104](https://github.com/kumahq/kuma/pull/4104) [4092](https://github.com/kumahq/kuma/pull/4092) [4088](https://github.com/kumahq/kuma/pull/4088) [4077](https://github.com/kumahq/kuma/pull/4077) [4064](https://github.com/kumahq/kuma/pull/4064) [4065](https://github.com/kumahq/kuma/pull/4065) [3973](https://github.com/kumahq/kuma/pull/3973) [3966](https://github.com/kumahq/kuma/pull/3966) @michaelbeaumont
+
+ZoneEgress:
+* Make zoneegress available in standalone mode [4100](https://github.com/kumahq/kuma/pull/4100) @lahabana
+* added locality aware lb for external service [4048](https://github.com/kumahq/kuma/pull/4048) @lukidzi
+* make zoneegress routing opt-in [4109](https://github.com/kumahq/kuma/pull/4109) [4013](https://github.com/kumahq/kuma/pull/4013) @lukidzi
+* support RateLimit and FaultInjections [4000](https://github.com/kumahq/kuma/pull/4000) @lobkovilya
+
+Helm:
+* Allow customization of image tags in Helm chart [4068](https://github.com/kumahq/kuma/pull/4068) @gdasson
+* Expose kuma-cp's metric port so it can be scraped by self-deployed prometheus.
[4047](https://github.com/kumahq/kuma/pull/4047) @jbehrends
+* add resource limits option for control plane deployment [4049](https://github.com/kumahq/kuma/pull/4049) @gdasson
+* fail if global.image.tag and appVersion incompatible [4085](https://github.com/kumahq/kuma/pull/4085) @michaelbeaumont
+* set version to track appVersion [4083](https://github.com/kumahq/kuma/pull/4083) @michaelbeaumont
+* expose kuma-cp gui through ingress [4101](https://github.com/kumahq/kuma/pull/4101) @lukidzi
+* allow specifying security context [4153](https://github.com/kumahq/kuma/pull/4153) @gdasson @bartsmykla
+
+Other:
+* feat(k8s): ability to set custom service account token volume [4036](https://github.com/kumahq/kuma/pull/4036) @johnharris85
+* feat(k8s): shutdown kuma-dp container for any owner kind [4079](https://github.com/kumahq/kuma/pull/4079) @lukidzi
+* feat(k8s): support startupProbes [4090](https://github.com/kumahq/kuma/pull/4090) @lahabana
+* feat(kuma-cp): add uptime, policies, gateway dps to reports [3933](https://github.com/kumahq/kuma/pull/3933) @parkanzky
+* feat(kuma-cp): add metrics and timeouts to CA interface [4089](https://github.com/kumahq/kuma/pull/4089) @parkanzky
+* feat(kumactl): add --values and --set to kumactl install control-plane [4086](https://github.com/kumahq/kuma/pull/4086) @lahabana
+* feat(transparent-proxy): add experimental tproxy iptables generation [4114](https://github.com/kumahq/kuma/pull/4114) @bartsmykla
+
+### Dependency upgrades:
+
+* bump alpine from 3.15.0 to 3.15.2 in /tools/releases/dockerfiles [4060](https://github.com/kumahq/kuma/pull/4060) [4023](https://github.com/kumahq/kuma/pull/4023) @dependabot
+* bump github.com/envoyproxy/protoc-gen-validate from 0.6.3 to 0.6.7 [3978](https://github.com/kumahq/kuma/pull/3978) [3976](https://github.com/kumahq/kuma/pull/3976) @dependabot
+* bump github.com/go-logr/logr from 1.2.2 to 1.2.3 [4040](https://github.com/kumahq/kuma/pull/4040) @dependabot
+* bump github.com/golang-jwt/jwt/v4
from 4.3.0 to 4.4.1 [4061](https://github.com/kumahq/kuma/pull/4061) [4025](https://github.com/kumahq/kuma/pull/4025) @dependabot
+* bump github.com/k8s/* from 0.23.4 to 0.23.5 [4043](https://github.com/kumahq/kuma/pull/4043) @lahabana
+* bump github.com/miekg/dns from 1.1.46 to 1.1.47 [3998](https://github.com/kumahq/kuma/pull/3998) @dependabot
+* bump github.com/onsi/gomega from 1.18.1 to 1.19.0 [4062](https://github.com/kumahq/kuma/pull/4062) @dependabot
+* bump github.com/spf13/cobra from 1.3.0 to 1.4.0 [3995](https://github.com/kumahq/kuma/pull/3995) @dependabot
+* bump go.uber.org/multierr from 1.7.0 to 1.8.0 [3974](https://github.com/kumahq/kuma/pull/3974) @dependabot
+* bump google.golang.org/grpc from 1.44.0 to 1.45.0 [3993](https://github.com/kumahq/kuma/pull/3993) @dependabot
+* bump google.golang.org/protobuf from 1.27.1 to 1.28.0 [4046](https://github.com/kumahq/kuma/pull/4046) @dependabot
+* bump helm.sh/helm/v3 from 3.8.0 to 3.8.1 [3994](https://github.com/kumahq/kuma/pull/3994) @dependabot
+* bump sigs.k8s.io/gateway-api from 0.4.1 to 0.4.2 [3997](https://github.com/kumahq/kuma/pull/3997) @dependabot
+* remove dependency on spire [4044](https://github.com/kumahq/kuma/pull/4044) @lahabana
+
+### Other notable changes:
+
+* chore(k8s): replace cni registry [4070](https://github.com/kumahq/kuma/pull/4070) @lobkovilya
+* chore(k8s): use appProtocol from service by default [4015](https://github.com/kumahq/kuma/pull/4015) @jakubdyszkiewicz
+* chore(kuma-dp): cleanup bootstrap version field [3670](https://github.com/kumahq/kuma/pull/3670) @tharun208
+* fix(gateway): fix status updating in MeshGatewayInstance reconciliation [4051](https://github.com/kumahq/kuma/pull/4051) @michaelbeaumont
+* fix(gateway): gateway instance service reconciliation loops forever [4035](https://github.com/kumahq/kuma/pull/4035) @jakubdyszkiewicz
+* fix(gateway): gateway reconciliation loops forever [4034](https://github.com/kumahq/kuma/pull/4034) @jakubdyszkiewicz
+*
fix(gateway): gateway tls listeners without hostnames [4093](https://github.com/kumahq/kuma/pull/4093) @jakubdyszkiewicz
+* fix(gateway): ignore non TCP protocol for provided gateway [4067](https://github.com/kumahq/kuma/pull/4067) @lahabana
+* fix(gateway): mesh gateway instance service target port [4071](https://github.com/kumahq/kuma/pull/4071) @jakubdyszkiewicz
+* fix(gateway): skip creating MeshGateways without proper attachment [4011](https://github.com/kumahq/kuma/pull/4011) @jakubdyszkiewicz
+* fix(helm): add prefix to `app` label in ingress/egress deployment [4123](https://github.com/kumahq/kuma/pull/4123) @lahabana
+* fix(helm): fix other template prefix in ingress/egress [4124](https://github.com/kumahq/kuma/pull/4124) @lahabana
+* fix(helm): remove wildcard rbac version [4148](https://github.com/kumahq/kuma/pull/4148) @johnharris85
+* fix(k8s): reconcile serviceMaps when using mesh namespace annotation [3815](https://github.com/kumahq/kuma/pull/3815) @lahabana
+* fix(kuma-cp): avoid generating excessive envoy clusters [3984](https://github.com/kumahq/kuma/pull/3984) @lobkovilya
+* fix(kuma-cp): default policy creation [4073](https://github.com/kumahq/kuma/pull/4073) @lobkovilya
+* fix(kuma-cp): guard the nil version in metadata [3969](https://github.com/kumahq/kuma/pull/3969) @jakubdyszkiewicz
+* fix(kuma-cp): provide better message when running with an in-memory database [3982](https://github.com/kumahq/kuma/pull/3982) @lukidzi
+* fix(kuma-dp): better error message when the token is invalid [3961](https://github.com/kumahq/kuma/pull/3961) @lahabana
+* fix(kumactl): add mesh flag to only commands that uses it [3788](https://github.com/kumahq/kuma/pull/3788) @tharun208
+* fix(kumactl): split yaml correctly in `kumactl apply` [4107](https://github.com/kumahq/kuma/pull/4107) @lahabana
+* fix(proxytemplate): avoid validation error [3937](https://github.com/kumahq/kuma/pull/3937) @marcoferrer
+* fix(proxytemplate): execute hooks before proxy template
modifications [4055](https://github.com/kumahq/kuma/pull/4055) @jakubdyszkiewicz
+* perf(k8s): move outbounds from Dataplane to Config [3986](https://github.com/kumahq/kuma/pull/3986) @jakubdyszkiewicz
+
+
+## 1.5.1
+> Released on 2022/04/06
+
+* chore(k8s): replace cni registry (backport #4070) [4076](https://github.com/kumahq/kuma/pull/4076)
+* fix(kuma-cp): default policy creation (backport #4073) [4080](https://github.com/kumahq/kuma/pull/4080)
+* fix(kuma-cp): guard the nil version in metadata (backport #3969) [3970](https://github.com/kumahq/kuma/pull/3970)
+
+## 1.5.0
+> Released on 2022/02/23
+
+* feat(*): zone egress [#3809](https://github.com//kumahq/kuma/pull/3809) [#3757](https://github.com//kumahq/kuma/pull/3757)
+* feat(kuma-cp) data plane proxy membership [#3619](https://github.com//kumahq/kuma/pull/3619)
+* feat(kuma-cp): reachable services in transparent proxying [#3791](https://github.com//kumahq/kuma/pull/3791)
+* feat(inspect-api): retrieve full XDS config [#3768](https://github.com//kumahq/kuma/pull/3768)
+* feat(*): inspect api support [#3805](https://github.com//kumahq/kuma/pull/3805) [#3568](https://github.com//kumahq/kuma/pull/3568) [#3462](https://github.com//kumahq/kuma/pull/3462)
+* feat(kuma-cp): add proxytemplate to matched policies for inspect poli… [#3786](https://github.com//kumahq/kuma/pull/3786) 👍contributed by @tharun208
+* feat(kuma-cp): enable traffic route for inspect endpoints [#3735](https://github.com//kumahq/kuma/pull/3735) 👍contributed by @tharun208
+* feat(*): move adminPort to DPP resource [#3739](https://github.com//kumahq/kuma/pull/3739)
+* feat(helm): add imagePullSecrets support [#3755](https://github.com//kumahq/kuma/pull/3755) 👍contributed by @johnharris85
+* feat(*): enable Gateway with runtime flag [#3736](https://github.com//kumahq/kuma/pull/3736)
+* feat(kumactl): add --api-timeout flag [#3723](https://github.com//kumahq/kuma/pull/3723)
+* feat: allow for ca/identity secrets for every mesh
[#3696](https://github.com//kumahq/kuma/pull/3696)
+* feat(kuma-cp): allow extra cm in kuma cp chart [#3671](https://github.com//kumahq/kuma/pull/3671) 👍contributed by @wjrbetts
+* feat(kuma-cp): add gui link in index api response [#3675](https://github.com//kumahq/kuma/pull/3675) 👍contributed by @tharun208
+* feat(*): allow ca.crt to be in separate k8s secret [#3638](https://github.com//kumahq/kuma/pull/3638)
+* feat(kumactl): add type of logging and tracing backends with name in table output [#3636](https://github.com//kumahq/kuma/pull/3636) 👍contributed by @tharun208
+* feat(kuma-cp): enable client side gRPC keepalive [#3574](https://github.com//kumahq/kuma/pull/3574)
+* feat(gui): new onboarding view [kumahq/kuma-gui#194](https://github.com/kumahq/kuma-gui/pull/194)
+* feat(gui): link to documentation from policy view [kumahq/kuma-gui#289](https://github.com/kumahq/kuma-gui/pull/289)
+
+* fix(kuma-cp): do not update unchanged insights [#3819](https://github.com//kumahq/kuma/pull/3819)
+* fix(*): do not annotate gateway services with ingress upstream [#3816](https://github.com//kumahq/kuma/pull/3816)
+* fix(*): properly escape DB password when creating postgres connection string [#3804](https://github.com//kumahq/kuma/pull/3804)
+* fix(kuma-cp): fix missing label sidecar injection [#3740](https://github.com//kumahq/kuma/pull/3740)
+* fix(kuma-dp): fix conntrack collisions [#3459](https://github.com//kumahq/kuma/pull/3459) 👍contributed by @johnharris85
+* fix(conf): remove invalid health check fields from example [#3697](https://github.com//kumahq/kuma/pull/3697) 👍contributed by @tharun208
+* fix(kuma-dp): binary lookup function skips not available directories [#3667](https://github.com//kumahq/kuma/pull/3667)
+* fix(k8s): make sure controllers start after leader election [#3666](https://github.com//kumahq/kuma/pull/3666)
+* fix(build): fix gomega matchers for inspect resources command test [#3660](https://github.com//kumahq/kuma/pull/3660)
[#3651](https://github.com//kumahq/kuma/pull/3651) 👍contributed by @tharun208
+* fix(kumactl): ignore any unregistered CRDs, not only from the root chart [#3643](https://github.com//kumahq/kuma/pull/3643)
+* fix(kumactl): print meta before spec for Kuma resources [#3637](https://github.com//kumahq/kuma/pull/3637)
+* fix(kuma-cp): add cp selector to global sync service [#3579](https://github.com//kumahq/kuma/pull/3579)
+* fix(kuma-cp) do not override other dataplane with dp lifecycle [#3507](https://github.com//kumahq/kuma/pull/3507)
+* fix(helm) Add support to customize nodeport [#1944](https://github.com//kumahq/kuma/pull/1944) 👍contributed by @bhiravabhatla
+
+* perf(kuma-cp): use mesh snapshot in proxy builder [#3700](https://github.com//kumahq/kuma/pull/3700)
+* perf(kuma-cp): use mesh snapshot in gateway [#3710](https://github.com//kumahq/kuma/pull/3710)
+* perf(kuma-cp): share mesh context [#3659](https://github.com//kumahq/kuma/pull/3659)
+
+* improvement(metadata): include name of annotation to parse error message [#3677](https://github.com//kumahq/kuma/pull/3677) 👍contributed by @ChinYing-Li
+* refactor(insights): delete method GetLatestSubscription for insights [#3656](https://github.com//kumahq/kuma/pull/3656) 👍contributed by @tharun208
+* refactor(kuma-cp): unify mesh determination for k8s objects [#3708](https://github.com//kumahq/kuma/pull/3708)
+* refactor(*): replace ensureDefaultXXX functions with a single generic function [#3662](https://github.com//kumahq/kuma/pull/3662) 👍contributed by @tharun208
+* chore(zone-ingress): delete deprecated env KUMA_DATAPLANE_ADMIN_PORT [#3766](https://github.com//kumahq/kuma/pull/3766)
+* chore(k8s): remove GetBool method and use GetEnabled [#3698](https://github.com//kumahq/kuma/pull/3698) 👍contributed by @tharun208
+* chore(*): generate CRD types [#3453](https://github.com//kumahq/kuma/pull/3453)
+* chore(dataplane)!: disallow using 0.0.0.0 in networking.address for dp
[#3691](https://github.com//kumahq/kuma/pull/3691)
+* chore(kuma-cp): consolidate mesh defaults creation [#3678](https://github.com//kumahq/kuma/pull/3678)
+* chore(config): remove ability to disable insights [#3501](https://github.com//kumahq/kuma/pull/3501)
+* chore(*): remove old Ingress [#3435](https://github.com//kumahq/kuma/pull/3435)
+* chore(*): upgrade Envoy to v1.21.1 [#3909](https://github.com//kumahq/kuma/pull/3909)
+* chore(grafana): update to latest grafana plugin version [#3812](https://github.com//kumahq/kuma/pull/3812)
+* ci(*): release on every commit in master and release branches [#3712](https://github.com//kumahq/kuma/pull/3712)
+
+## 1.4.1
+> Released on 2021/12/15
+
+* feat: add kubernetes tags automatically [#3439](https://github.com//kumahq/kuma/pull/3439)
+* perf: update Mesh and ServiceInsights only when really needed [#3463](https://github.com//kumahq/kuma/pull/3463)
+* perf: eliminate uneccessary JSON marshalling [#3483](https://github.com//kumahq/kuma/pull/3483)
+* feat: sidecar injection webhook based on labels [#3417](https://github.com//kumahq/kuma/pull/3417)
+* chore: upgrade gui to new version [#3454](https://github.com//kumahq/kuma/pull/3454)
+* test: fix postgress tests permissions [#3443](https://github.com//kumahq/kuma/pull/3443)
+* feat: add affinity to CP and Ingress pods [#3036](https://github.com//kumahq/kuma/pull/3036)
+ 👍contributed by @andrey-dubnik
+* chore: bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0 [#3432](https://github.com//kumahq/kuma/pull/3432)
+* feat: consolidate tokens logic to support expiration, rotation, revocation and RSA256 [#3376](https://github.com/kumahq/kuma/pull/3376)
+* fix: simplify cluster creation with endpoints [#3403](https://github.com//kumahq/kuma/pull/3403)
+* fix: enable metrics hijacker for current version of Kuma [#3405](https://github.com//kumahq/kuma/pull/3405)
+* fix: switch to mTLS when CP communicates with Envoy Admin [#3353](https://github.com//kumahq/kuma/pull/3353)
+*
chore: bump github.com/spiffe/spire from 0.12.3 to 1.1.1 [#3388](https://github.com//kumahq/kuma/pull/3388)
+* chore: bump github.com/spf13/viper from 1.8.1 to 1.9.0 [#3389](https://github.com//kumahq/kuma/pull/3389)
+* fix: validate cp url in dp conf [#3357](https://github.com//kumahq/kuma/pull/3357)
+* chore: send reports to tls endpoint [#3361](https://github.com//kumahq/kuma/pull/3361)
+* chore: check explicit service account name [#3228](https://github.com//kumahq/kuma/pull/3228)
+* feat: inspect other dependencies versions [#3352](https://github.com//kumahq/kuma/pull/3352)
+* chore: add area/gateway label [#3263](https://github.com//kumahq/kuma/pull/3263)
+* chore: remove dp token from xds metadata [#3282](https://github.com//kumahq/kuma/pull/3282)
+* refactor: move from io/ioutil to io and os packages [#3265](https://github.com//kumahq/kuma/pull/3265)
+ 👍contributed by @Juneezee
+* fix: validate newly generated xDS snapshots [#3195](https://github.com//kumahq/kuma/pull/3195)
+* chore: bump k8s.io/apiextensions-apiserver from 0.22.3 to 0.22.4 [#3218](https://github.com//kumahq/kuma/pull/3218)
+* chore: bump helm chart version to 0.8 [#3202](https://github.com//kumahq/kuma/pull/3202)
+
+## 1.4.0
+> Released on 2021/11/19
+
+* chore(*) scripts for build, publish and fetch Envoy binaries [#3110](https://github.com//kumahq/kuma/pull/3110) [#3182](https://github.com//kumahq/kuma/pull/3182)
+* chore(kuma-cp) upgrade gui to new version [#3178](https://github.com//kumahq/kuma/pull/3178) [#3179](https://github.com//kumahq/kuma/pull/3179)
+* chore(kuma-cp) Use go structs instead of gotemplate for bootstrap [#3156](https://github.com//kumahq/kuma/pull/3156) [#3173](https://github.com//kumahq/kuma/pull/3173)
+* chore(deps): bump github.com/slok/go-http-metrics from 0.9.0 to 0.10.0 [#3170](https://github.com//kumahq/kuma/pull/3170)
+* Disable reporting by default [#3070](https://github.com//kumahq/kuma/pull/3070) [#3159](https://github.com//kumahq/kuma/pull/3159)
+*
chore(kumactl) remove install CRDs filter function [#3139](https://github.com//kumahq/kuma/pull/3139)
+* feat(kuma-dp) Add conf to disable service vip [#3143](https://github.com//kumahq/kuma/pull/3143)
+* chore(kuma-cp) update some TODO comments [#3141](https://github.com//kumahq/kuma/pull/3141)
+* feat(kuma-cp) Add kuma.io/ignore annotation [#3142](https://github.com//kumahq/kuma/pull/3142)
+* fix(kuma-dp) match gateway cluster names in the hijacker [#3106](https://github.com//kumahq/kuma/pull/3106)
+* feat: add ECDSA certificate generator support [#3093](https://github.com//kumahq/kuma/pull/3093)
+* feat: add more global resources to GlobalInsights [#3094](https://github.com//kumahq/kuma/pull/3094)
+* feat: allow creating secrets for the not yet existing mesh [#3076](https://github.com//kumahq/kuma/pull/3076)
+ 👍contributed by cloudwiz
+* feat: don't add v6 in DNS when v6 is disabled [#3089](https://github.com//kumahq/kuma/pull/3089)
+* fix: explicitly disable dns in env when disabled in injector [#3077](https://github.com//kumahq/kuma/pull/3077)
+* feat: added support for https tracing endpoint [#3057](https://github.com//kumahq/kuma/pull/3057)
+ 👍contributed by sudeeptoroy
+* fix: normalize generating TLS certificates [#3027](https://github.com//kumahq/kuma/pull/3027)
+* fix: zero downtime when enabling permissive mTLS [#3019](https://github.com//kumahq/kuma/pull/3019)
+* feat: add deprecation notice for kuma-prometheus-sd [#2994](https://github.com//kumahq/kuma/pull/2994)
+* feat: add GlobalInsights api endpoint [#3018](https://github.com//kumahq/kuma/pull/3018)
+* fix: duplicate TLS certificate usage [#3008](https://github.com//kumahq/kuma/pull/3008)
+* chore: add command argument count parameters [#3010](https://github.com//kumahq/kuma/pull/3010)
+* feat: aggregate dp stats by type in MeshInsight [#2999](https://github.com//kumahq/kuma/pull/2999)
+* chore: delete CLI flag '--bootstrap-version' [#2965](https://github.com//kumahq/kuma/pull/2965)
+* feat: show
the effective Dataplane address [#2977](https://github.com//kumahq/kuma/pull/2977)
+* feat: aggregate services in MeshInsight [#2974](https://github.com//kumahq/kuma/pull/2974)
+* fix: allow only one healthcheck [#2972](https://github.com//kumahq/kuma/pull/2972)
+* feat: give CA managers all backends at once [#2956](https://github.com//kumahq/kuma/pull/2956)
+* chore: normalize timeout configurer API [#2934](https://github.com//kumahq/kuma/pull/2934)
+* fix: locality-aware lb for external-services [#2903](https://github.com//kumahq/kuma/pull/2903)
+* feat: add install control-plane --version flag for all components [#2904](https://github.com//kumahq/kuma/pull/2904)
+* feat: add zone selector to Kuma Mesh dashboard [#2860](https://github.com//kumahq/kuma/pull/2860)
+* fix: possible to delete resources on Zone CP [#2665](https://github.com//kumahq/kuma/pull/2665)
+* fix: make cluster names contextually unique [#3098](https://github.com//kumahq/kuma/pull/3098)
+* feat: automatically enable gzip content on gateways [#3104](https://github.com//kumahq/kuma/pull/3104)
+* feat: add Gateway TLS termination support [#3044](https://github.com//kumahq/kuma/pull/3044)
+* feat: add gateway support for external services [#2990](https://github.com//kumahq/kuma/pull/2990)
+* fix: enable secrets support for Gateway resources [#2953](https://github.com//kumahq/kuma/pull/2953)
+* feat: initial connection policy support for Gateway [#2933](https://github.com//kumahq/kuma/pull/2933)
+* feat: add access to generate zone ingress token [#3075](https://github.com//kumahq/kuma/pull/3075)
+* feat: user token with RSA256 [#2992](https://github.com//kumahq/kuma/pull/2992)
+* feat: prefix system users and groups with mesh-system [#3013](https://github.com//kumahq/kuma/pull/3013)
+* feat: localhost is not an admin on kubernetes [#3003](https://github.com//kumahq/kuma/pull/3003)
+* feat: user token enabled by default [#2941](https://github.com//kumahq/kuma/pull/2941)
+* feat: Admin User Token
bootstrap [#2923](https://github.com//kumahq/kuma/pull/2923)
+* chore: refactor access control for individual access [#2983](https://github.com//kumahq/kuma/pull/2983)
+* feat: support plugin based authentication including user tokens [#2895](https://github.com//kumahq/kuma/pull/2895)
+* feat: User Token for API Server authentication [#2892](https://github.com//kumahq/kuma/pull/2892)
+* chore: refactor authz and authn to plugins [#2837](https://github.com//kumahq/kuma/pull/2837)
+* chore(kuma-cp) upgrade gui to new version [#3148](https://github.com//kumahq/kuma/pull/3148)
+* chore(*) upgrade to Go 1.17.3 [#3147](https://github.com//kumahq/kuma/pull/3147)
+* chore(deps): bump github.com/operator-framework/operator-lib [#3158](https://github.com//kumahq/kuma/pull/3158)
+* chore(deps): bump github.com/gruntwork-io/terratest [#3130](https://github.com//kumahq/kuma/pull/3130)
+* chore: update helm and controller-runtime [#2764](https://github.com//kumahq/kuma/pull/2764)
+* chore: bump github.com/lib/pq from 1.10.3 to 1.10.4 [#3131](https://github.com//kumahq/kuma/pull/3131)
+* chore: bump google.golang.org/grpc from 1.41.0 to 1.42.0 [#3101](https://github.com//kumahq/kuma/pull/3101)
+* chore: bump github.com/prometheus/common from 0.31.1 to 0.32.1 [#3006](https://github.com//kumahq/kuma/pull/3006)
+* chore: bump github.com/envoyproxy/protoc-gen-validate [#3007](https://github.com//kumahq/kuma/pull/3007)
+* chore: bump github.com/google/uuid from 1.2.0 to 1.3.0 [#2839](https://github.com//kumahq/kuma/pull/2839)
+* chore: bump sigs.k8s.io/controller-runtime from 0.10.2 to 0.10.3 [#3132](https://github.com//kumahq/kuma/pull/3132)
+* chore: bump k8s.io/client-go from 0.22.2 to 0.22.3 [#3061](https://github.com//kumahq/kuma/pull/3061)
+* chore: bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3 [#3059](https://github.com//kumahq/kuma/pull/3059)
+* chore: bump k8s.io/api from 0.22.2 to 0.22.3 [#3058](https://github.com//kumahq/kuma/pull/3058)
+* chore: bump
github.com/golang-migrate/migrate/v4 [#2970](https://github.com//kumahq/kuma/pull/2970)
+* chore: bump helm.sh/helm/v3 from 3.6.1 to 3.7.1 [#2968](https://github.com//kumahq/kuma/pull/2968)
+* chore: bump github.com/miekg/dns from 1.0.14 to 1.1.43 in /pkg/transparentproxy/istio [#2752](https://github.com//kumahq/kuma/pull/2752)
+
+## 1.3.1
+> Released on 2021/10/06
+
+* fix: disable zone [#2884](https://github.com//kumahq/kuma/pull/2884)
+* fix: limit number of postgres connection by default [#2866](https://github.com//kumahq/kuma/pull/2866)
+* feat: add zone selector to Kuma Service to Service dashboard [#2876](https://github.com//kumahq/kuma/pull/2876)
+* feat: add zone selector to Kuma Service dashboard [#2865](https://github.com//kumahq/kuma/pull/2865)
+* feat: add zone selector to Kuma Dataplane dashboard [#2864](https://github.com//kumahq/kuma/pull/2864)
+* fix: fix duplicates in dataplane list in Kuma Services dashboard [#2845](https://github.com//kumahq/kuma/pull/2845)
+* chore: migrate install resources from rbac API v1beta1 to v1 [#2875](https://github.com//kumahq/kuma/pull/2875)
+* fix: fault injection matching [#2757](https://github.com//kumahq/kuma/pull/2757)
+* fix: delete kuma.io/region and kuma.io/sub-zone [#2824](https://github.com//kumahq/kuma/pull/2824)
+* feat: print control plane version with version cmd [#2834](https://github.com//kumahq/kuma/pull/2834)
+* fix: Only warn about version compatibility where it makes sense [#2828](https://github.com//kumahq/kuma/pull/2828)
+* perf: remove insight update rate limit burst [#2825](https://github.com//kumahq/kuma/pull/2825)
+* perf: apply ratelimit to service insights [#2815](https://github.com//kumahq/kuma/pull/2815)
+* feat: adds support for specifying specific IP for cloud provider load balancers for ingress service [#2779](https://github.com//kumahq/kuma/pull/2779)
+ 👍contributed by @jamesdbloom
+* fix: send tool output to stdout [#2787](https://github.com//kumahq/kuma/pull/2787)
+* fix: switch to
a Kuma fork of go-control-plane [#2771](https://github.com//kumahq/kuma/pull/2771)
+* chore: parametrize label on the deployment [#2765](https://github.com//kumahq/kuma/pull/2765)
+* perf: set Node only on first DiscoveryRequest [#2741](https://github.com//kumahq/kuma/pull/2741)
+* feat: verify ServiceAccountToken bound to a Pod [#2745](https://github.com//kumahq/kuma/pull/2745)
+* feat: internal dns should resolve AAAA records [#2760](https://github.com//kumahq/kuma/pull/2760)
+* fix: Add FORMERR and NOTIMP in alternate default coredns conf [#2756](https://github.com//kumahq/kuma/pull/2756)
+* fix: virtual probes with query [#2706](https://github.com//kumahq/kuma/pull/2706)
+* fix: Avoid calling `Send()` from different goroutines [#2573](https://github.com//kumahq/kuma/pull/2573)
+* feat: automatically set proxy concurrency [#2691](https://github.com//kumahq/kuma/pull/2691)
+* feat: Improve builtin grafana setup to have traces and logs linked [#2716](https://github.com//kumahq/kuma/pull/2716)
+* fix: Show gateway services in service-insights [#2711](https://github.com//kumahq/kuma/pull/2711)
+* fix: Correct bad merging of duration [#2700](https://github.com//kumahq/kuma/pull/2700)
+* fix: Ensure outbounds are set when migrating from old to new [#2698](https://github.com//kumahq/kuma/pull/2698)
+* fix: get rid of regex for parsing IPs [#2681](https://github.com//kumahq/kuma/pull/2681)
+* feat: add CP config to ZoneInsights [#2661](https://github.com//kumahq/kuma/pull/2661)
+* feat: generate GatewayRoute clusters [#2819](https://github.com//kumahq/kuma/pull/2819)
+* feat: add GatewayRoute route generation [#2782](https://github.com//kumahq/kuma/pull/2782)
+* feat: match gateway routes [#2758](https://github.com//kumahq/kuma/pull/2758)
+* feat: initial gateway TrafficRoute support [#2547](https://github.com//kumahq/kuma/pull/2547)
+* feat: add a GatewayRoute resource [#2591](https://github.com//kumahq/kuma/pull/2591)
+* chore: update base image for kuma-dp
[#2881](https://github.com//kumahq/kuma/pull/2881)
+* chore: change Go JWT version to fix security vunerability [#2844](https://github.com//kumahq/kuma/pull/2844)
+* chore: bump go.uber.org/zap from 1.17.0 to 1.19.1 [#2768](https://github.com//kumahq/kuma/pull/2768)
+* chore: bump google.golang.org/grpc from 1.38.0 to 1.40.0 [#2737](https://github.com//kumahq/kuma/pull/2737)
+* chore: bump github.com/miekg/dns from 1.1.42 to 1.1.43 [#2769](https://github.com//kumahq/kuma/pull/2769)
+* chore: upgrade github.com/spf13/cobra [#2732](https://github.com//kumahq/kuma/pull/2732)
+* chore: bump alpine in /tools/releases/dockerfiles [#2705](https://github.com//kumahq/kuma/pull/2705)
+* chore: bump github.com/onsi/gomega from 1.13.0 to 1.16.0 [#2657](https://github.com//kumahq/kuma/pull/2657)
+* chore: update envoy to 1.18.4 [#2667](https://github.com//kumahq/kuma/pull/2667)
+
+
+## 1.3.0
+> Released on 2021/08/24
+
+* feat: remove provided ca cert validation [#2663](https://github.com/kumahq/kuma/pull/2663)
+ 👍contributed by Nikita Pande (@nikita15p)
+* feat: Use kuma-sd in kumactl install metrics [#2654](https://github.com/kumahq/kuma/pull/2654)
+* feat: Add new datasource to kumactl install metrics [#2640](https://github.com/kumahq/kuma/pull/2640)
+* fix: remove extra endline in traffic log default template [#2514](https://github.com//kumahq/kuma/pull/2514)
+* fix: TLSInspector is causing tcp healthcheck failures [#2639](https://github.com//kumahq/kuma/pull/2639)
+* feat: Add rate-limit to outbound interfaces [#2435](https://github.com//kumahq/kuma/pull/2435)
+* fix: print a newline with transparent proxy setup message [#2634](https://github.com//kumahq/kuma/pull/2634)
+* chore: bump alpine in /tools/releases/dockerfiles [#2531](https://github.com//kumahq/kuma/pull/2531)
+* chore: annotate required fields in proto files [#2556](https://github.com//kumahq/kuma/pull/2556)
+* chore: remove MADS v1alpha1 [#2632](https://github.com//kumahq/kuma/pull/2632)
+* chore: parametrize
kuma tracing in ZipkinCollectorURL [#2635](https://github.com//kumahq/kuma/pull/2635)
+* chore: Add the number of services to usage stats [#2628](https://github.com//kumahq/kuma/pull/2628)
+* feat: Add the permissive mTLS mode [#2579](https://github.com//kumahq/kuma/pull/2579)
+* chore: open CAProvider and MeshValidator for extensions [#2618](https://github.com//kumahq/kuma/pull/2618)
+* feat: Add entity for virtual-outbound [#2576](https://github.com//kumahq/kuma/pull/2576)
+* fix: Don't set zap.Development() in debug log [#2608](https://github.com//kumahq/kuma/pull/2608)
+* chore(kuma-cp) upgrade gui to new version [#2611](https://github.com//kumahq/kuma/pull/2611), [#2452](https://github.com//kumahq/kuma/pull/2452), [#2554](https://github.com//kumahq/kuma/pull/2554), [#2528](https://github.com//kumahq/kuma/pull/2528), [#2497](https://github.com//kumahq/kuma/pull/2497), [#2490](https://github.com//kumahq/kuma/pull/2490), [#2481](https://github.com//kumahq/kuma/pull/2481)
+* feat: Build kuma on Windows [#2597](https://github.com//kumahq/kuma/pull/2597), [#2606](https://github.com//kumahq/kuma/pull/2606), [#2559](https://github.com//kumahq/kuma/pull/2559)
+* feat: Add CA backend stats in Dataplane and Mesh Insights [#2562](https://github.com//kumahq/kuma/pull/2562)
+* fix: missing key for kv in reports logging [#2598](https://github.com//kumahq/kuma/pull/2598)
+* chore: split listener configurers across source files [#2592](https://github.com//kumahq/kuma/pull/2592)
+* feat: add simple HTTP connection configurers [#2593](https://github.com//kumahq/kuma/pull/2593)
+* feat: add virtual host domain name configurer [#2590](https://github.com//kumahq/kuma/pull/2590)
+* feat: return instance and cluster IDs in kuma-cp API statuses [#2589](https://github.com//kumahq/kuma/pull/2589)
+* tests: allow kuma-specific const to be overridden [#2582](https://github.com//kumahq/kuma/pull/2582)
+* feat: Intermediate CA support [#2575](https://github.com//kumahq/kuma/pull/2575)
+*
fix: Avoid nil dereferencing in dp validator [#2578](https://github.com//kumahq/kuma/pull/2578)
+* chore: consistently use utils package for protobuf wrappers [#2570](https://github.com//kumahq/kuma/pull/2570)
+* fix: subscription finalizer, rev 2 [#2526](https://github.com//kumahq/kuma/pull/2526)
+* tests: fix flaky test for locality aware loadbalancing [#2564](https://github.com//kumahq/kuma/pull/2564)
+* fix: DP tracking lock consistency fix [#2567](https://github.com//kumahq/kuma/pull/2567)
+* chore: Certificates over ADS [#2558](https://github.com//kumahq/kuma/pull/2558)
+* chore: migrate DiscoveryRequest/Response in KDS to V3 [#2541](https://github.com//kumahq/kuma/pull/2541)
+* feat: Rewrite dns persistence to allow virtual-outbound to be added [#2484](https://github.com//kumahq/kuma/pull/2484)
+* fix: deleted default policy is created on Kuma CP restart [#2507](https://github.com//kumahq/kuma/pull/2507)
+* chore: Move kumactl logging arguments to where they can be parameterized [#2544](https://github.com//kumahq/kuma/pull/2544)
+* chore: add route and virtual host configuration helpers [#2517](https://github.com//kumahq/kuma/pull/2517)
+* chore: fix kumactl generate dataplane proxy-type flag deprecation message [#2522](https://github.com//kumahq/kuma/pull/2522)
+ 👍contributed by Tharun Rajendran
+* chore: Simplify resource-gen.go by generating `ResourceDescriptor` [#2511](https://github.com//kumahq/kuma/pull/2511)
+* chore: Replace netcat with test server [#2510](https://github.com//kumahq/kuma/pull/2510)
+* feat: configure SNI on ExternalService [#2467](https://github.com//kumahq/kuma/pull/2467)
+* chore: add importas to golangci-lint [#2516](https://github.com//kumahq/kuma/pull/2516)
+ 👍contributed by Tharun Rajendran
+* chore: add to resource-gen.go generation of kds options [#2487](https://github.com//kumahq/kuma/pull/2487)
+* chore: add to resource-gen.go generation of kumactl options [#2469](https://github.com//kumahq/kuma/pull/2469)
+* fix: add owner
when create ZoneIngressInsight [#2456](https://github.com//kumahq/kuma/pull/2456)
+* fix: hijacker merge labels [#2476](https://github.com//kumahq/kuma/pull/2476)
+* chore: improve resource-gen by auto generating ws code [#2466](https://github.com//kumahq/kuma/pull/2466)
+* fix: clarify invalid resource type message [#2473](https://github.com//kumahq/kuma/pull/2473)
+* fix: implement TextMarshaler for JSON keys [#2475](https://github.com//kumahq/kuma/pull/2475)
+* chore: simplify resourceWsDefinition and server init [#2477](https://github.com//kumahq/kuma/pull/2477)
+* fix: Stop adding outbounds to dp for vips [#2421](https://github.com//kumahq/kuma/pull/2421)
+* chore(*) make port validation consistent [#2448](https://github.com//kumahq/kuma/pull/2448)
+
+## 1.2.3
+> Released on 2021/07/29
+
+* fix(kumactl) warn about fail to check the CP version [#2438](https://github.com//kumahq/kuma/pull/2438)
+* fix(kuma-cp) handle missing connection info [#2439](https://github.com//kumahq/kuma/pull/2439)
+* chore(xds) rename logger to have consistent naming style [#2375](https://github.com//kumahq/kuma/pull/2375)
+ 👍contributed by burntcarrot
+* fix(kuma-cp) set better keep-alive for bootstrap [#2432](https://github.com//kumahq/kuma/pull/2432)
+* fix(kuma-dp) validate the DP proxy type [#2186](https://github.com//kumahq/kuma/pull/2186)
+* fix(kuma-cp) use the typed config for TLS Inspector [#2373](https://github.com//kumahq/kuma/pull/2373)
+
+## 1.2.2
+> Released on 2021/07/16
+
+* feat: add datadog traffic tracing [#2269](https://github.com//kumahq/kuma/pull/2247)
+* refactor: add kumactl install tracing context [#2343](https://github.com//kumahq/kuma/pull/2343)
+* chore: improve kumactl install transparent-proxy flags description, add extra validation [#2352](https://github.com//kumahq/kuma/pull/2352)
+* fix: broken SDS auth and XDS generation on rapid DP restarts [#2342](https://github.com//kumahq/kuma/pull/2342)
+* fix: allow verbose log levels
[#2351](https://github.com//kumahq/kuma/pull/2351)
+* chore: use resource types for DataplaneInsight tracking [#2324](https://github.com//kumahq/kuma/pull/2324)
+* chore: improve resource manager initialization readability [#2316](https://github.com//kumahq/kuma/pull/2316)
+* chore: upgrade gui to new version [#2340](https://github.com//kumahq/kuma/pull/2340), [#2325](https://github.com//kumahq/kuma/pull/2325), [#2315](https://github.com//kumahq/kuma/pull/2315)
+* fix: allocate a new VIP for ExternalService host [#2302](https://github.com//kumahq/kuma/pull/2302)
+* fix: stop components on leader election lost [#2318](https://github.com//kumahq/kuma/pull/2318)
+* chore: generate system resource wrappers [#2282](https://github.com//kumahq/kuma/pull/2282), [#2311](https://github.com//kumahq/kuma/pull/2311)
+* chore: remove access log V2 [#2301](https://github.com//kumahq/kuma/pull/2301)
+* chore: generate DeepCopy interfaces [#2222](https://github.com//kumahq/kuma/pull/2222)
+* chore: disable log sampling [#2273](https://github.com//kumahq/kuma/pull/2273)
+* chore: upgrade Protocol Buffers [#2244](https://github.com//kumahq/kuma/pull/2244)
+* chore: change default number of insights subscriptions [#2266](https://github.com//kumahq/kuma/pull/2266)
+* chore: make the authentication interface type oblivious [#2271](https://github.com//kumahq/kuma/pull/2271)
+* fix: fix hds disabled on dpserver [#2268](https://github.com//kumahq/kuma/pull/2268)
+ 👍contributed by Bastien Chatelard
+* chore: refactor xDS metadata to store a generic resource [#2264](https://github.com//kumahq/kuma/pull/2264)
+* feat: change KDS max message limit [#2265](https://github.com//kumahq/kuma/pull/2265)
+
+## 1.2.1
+> Released on 2021/06/30
+
+* fix: Dataplane/ZoneIngress/Zone status problem when control plane forcefully exits [#2246](https://github.com//kumahq/kuma/pull/2246)
+* chore: reduce memory usage by reducing cache key size [#2214](https://github.com//kumahq/kuma/pull/2214)
[#2230](https://github.com//kumahq/kuma/pull/2230)
+ 👍contributed by nhamlh
+* fix: ZoneIngress always shows up as 'offline' [#2209](https://github.com//kumahq/kuma/pull/2209)
+* feat: dataplane use advertise address to add a routable ip if address is not public ip [#2116](https://github.com//kumahq/kuma/pull/2116)
+ 👍contributed by sudeeptoroy
+* fix: builtin DNS resolve alias with dots [#2208](https://github.com//kumahq/kuma/pull/2208)
+* feat: add SNI to TLSed ExternalServices [#2211](https://github.com//kumahq/kuma/pull/2211)
+* fix: fix race condition in cache [#2202](https://github.com//kumahq/kuma/pull/2202)
+ 👍contributed by nhamlh
+* fix: supported versions of Kuma DP in the GUI [#2193](https://github.com//kumahq/kuma/pull/2193)
+
+## 1.2.0
+> Released on 2021/06/17
+
+* feat: Introduce ZoneIngress [#2147](https://github.com//kumahq/kuma/pull/2147) [#2169](https://github.com//kumahq/kuma/pull/2169)
+* feat: enable dataplane dns by default [#2152](https://github.com//kumahq/kuma/pull/2152)
+* feat: add --verbose flag to kuma-init [#2156](https://github.com//kumahq/kuma/pull/2156)
+* feat: log rotation [#2100](https://github.com//kumahq/kuma/pull/2100)
+ 👍contributed by @nikita15p
+* feat: mads, allow specifying fetch-timeout via query param [#2148](https://github.com//kumahq/kuma/pull/2148)
+ 👍contributed by @austince
+* feat: mads, add support for HTTP long polling [#2121](https://github.com//kumahq/kuma/pull/2121)
+ 👍contributed by @austince
+* feat(mads) implement v1 API [#1753](https://github.com//kumahq/kuma/pull/1753)
+ 👍contributed by @austince
+* feat: add RateLimit policy [#2083](https://github.com//kumahq/kuma/pull/2083)
+* feat: TrafficRoute L7 [#2013](https://github.com//kumahq/kuma/pull/2013)
+ [#2042](https://github.com//kumahq/kuma/pull/2042) [#2062](https://github.com//kumahq/kuma/pull/2062)
+ [#2072](https://github.com//kumahq/kuma/pull/2072) [#2168](https://github.com//kumahq/kuma/pull/2168)
+
+* feat: allow renegotiation for TLS in
ExternalServices [#2135](https://github.com//kumahq/kuma/pull/2135)
+* feat: pass header when communicating with CP [#2049](https://github.com//kumahq/kuma/pull/2049)
+ 👍contributed by sudeeptoroy
+* feat: change default traffic route policy [#2075](https://github.com//kumahq/kuma/pull/2075)
+* feat: command to install kong enterprise ingress [#1999](https://github.com//kumahq/kuma/pull/1999)
+* feat: add postgres max idle connections configuration [#2020](https://github.com//kumahq/kuma/pull/2020)
+ 👍contributed by @nikita15p
+* feat: add kumactl --no-config flag [#2048](https://github.com//kumahq/kuma/pull/2048)
+* feat: nodeselector across all pods with HELM [#2012](https://github.com//kumahq/kuma/pull/2012)
+* feat: enable forwarding XFCC header [#1941](https://github.com//kumahq/kuma/pull/1941)
+ 👍contributed by @jewertow
+* feat: TrafficPermission for ExternalServices [#1957](https://github.com//kumahq/kuma/pull/1957)
+* feat: metrics hijacker [#1899](https://github.com//kumahq/kuma/pull/1899)
+* feat: extend CircuitBreaker [#1655](https://github.com//kumahq/kuma/pull/1655)
+* chore: remove API V2 [#2119](https://github.com//kumahq/kuma/pull/2119)
+* chore: bump webhooks version [#2126](https://github.com//kumahq/kuma/pull/2126)
+* chore: drop deprecated Envoy options [#2143](https://github.com//kumahq/kuma/pull/2143)
+* chore: dockerfiles, add a user for kuma-cp [#2129](https://github.com//kumahq/kuma/pull/2129)
+* chore: bump cni version to 0.0.9 [#2137](https://github.com//kumahq/kuma/pull/2137)
+* chore: rename remote cp to zone cp [#2125](https://github.com//kumahq/kuma/pull/2125)
+* chore: bump versions of logging, metrics, tracing [#2178](https://github.com//kumahq/kuma/pull/2178)
+* chore: parametrize bitnami/kubectl [#2151](https://github.com//kumahq/kuma/pull/2151)
+* chore: backwards compatible metrics [#2173](https://github.com//kumahq/kuma/pull/2173)
+* chore: upgrade Envoy version to 1.18.3 [#2145](https://github.com//kumahq/kuma/pull/2145)
+*
chore updated go-control-plane [#2082](https://github.com//kumahq/kuma/pull/2082)
+ 👍contributed by @sudeeptoroy
+* chore: fix misspelled words [#1984](https://github.com//kumahq/kuma/pull/1984)
+ 👍contributed by @tharun208
+* chore: upgrade GUI [#2157](https://github.com//kumahq/kuma/pull/2157)
+* chore namespace source names for v1 API [#1896](https://github.com//kumahq/kuma/pull/1896)
+ 👍contributed by @austince
+* chore: use cmux for MADS server [#1887](https://github.com//kumahq/kuma/pull/1887)
+* chore: Add internal support for outbound UDP listeners [#1618](https://github.com//kumahq/kuma/pull/1618)
+ 👍contributed by @lahabana
+* chore: Avoid generating duplicate subsets in ingress
+ 👍contributed by @lahabana
+* chore: upgrade to apiextensions.k8s.io/v1 [#1108](https://github.com//kumahq/kuma/pull/1108)
+ 👍contributed by @austince
+* fix: Clear snapshots from cache on disconnect [#2172](https://github.com//kumahq/kuma/pull/2172)
+ 👍contributed by @lahabana
+* fix: use service account name to identify sync [#2127](https://github.com//kumahq/kuma/pull/2127)
+* fix: raise the regex program size limit [#2139](https://github.com//kumahq/kuma/pull/2139)
+* fix: pass query parameters through the metrics hijacker [#2124](https://github.com//kumahq/kuma/pull/2124)
+* fix: matching endpoints by tags [#2096](https://github.com//kumahq/kuma/pull/2096)
+* fix: manage and warn on control plane file limits [#2057](https://github.com//kumahq/kuma/pull/2057) [#2106](https://github.com//kumahq/kuma/pull/2106)
+* fix: fix transparent-proxy for GCP/GKE [#2051](https://github.com//kumahq/kuma/pull/2051)
+* fix: set death signal on child processes [#2045](https://github.com//kumahq/kuma/pull/2045)
+* fix: TrafficRoute in multizone issue [#1979](https://github.com//kumahq/kuma/pull/1979)
+
+## 1.1.6
+> Released on 2021/05/13
+
+* feat: expose reuse_connection in healthchecks [#1952](https://github.com//kumahq/kuma/pull/1952)
+* feat: allow tcp/http healthchecks together
[#1951](https://github.com//kumahq/kuma/pull/1951)
+* feat: kumactl option to install gateway types [#1950](https://github.com//kumahq/kuma/pull/1950)
+* feat: kumactl option to install kuma demo app [#1932](https://github.com//kumahq/kuma/pull/1932)
+* feat: kumactl option to install Kong ingress [#1929](https://github.com//kumahq/kuma/pull/1929)
+* feat: support all tags in traffic permission [#1902](https://github.com//kumahq/kuma/pull/1902)
+* fix: gateway status was always reporting offline [#1946](https://github.com//kumahq/kuma/pull/1946)
+* fix: don't cache failed calls [#1894](https://github.com//kumahq/kuma/pull/1894)
+ 👍contributed by @lahabana
+* chore: add hostname when sending traces to the collector [#1962](https://github.com//kumahq/kuma/pull/1962)
+* docs: prepare api docs generation [#1741](https://github.com//kumahq/kuma/pull/1741)
+* test: azure aks and e2e improvements for the CI [#1880](https://github.com//kumahq/kuma/pull/1880)
+ [#1871](https://github.com//kumahq/kuma/pull/1871)
+ [#1933](https://github.com//kumahq/kuma/pull/1933)
+ [#1953](https://github.com//kumahq/kuma/pull/1953)
+ [#1972](https://github.com//kumahq/kuma/pull/1972)
+
+## 1.1.5
+> Released on 2021/04/29
+
+* feat: generate outbounds for itself [#1900](https://github.com//kumahq/kuma/pull/1900)
+* chore: migrate from bintray [#1901](https://github.com//kumahq/kuma/pull/1901)
+* chore: GUI updates and fixes [#1897](https://github.com//kumahq/kuma/pull/1897)
+* chore: kumactl check version after loading config [#1879](https://github.com/kumahq/kuma/pull/1879)
+* chore: transparent proxy improvements [#1852](https://github.com//kumahq/kuma/pull/1852)
+* chore upgrade Go to 16.3 and use go embed [#1864](https://github.com//kumahq/kuma/pull/1864) [#1865](https://github.com//kumahq/kuma/pull/1865)
+* fix: always set locality in multizone [#1863](https://github.com//kumahq/kuma/pull/1863)
+* fix: Envoy config is created based on old Dataplane
[#1848](https://github.com//kumahq/kuma/pull/1848)
+
+
+## 1.1.4
+> Released on 2021/04/19
+
+* chore: force all DNS traffic capture [#1842](https://github.com//kumahq/kuma/pull/1842)
+
+## 1.1.3
+> Released on 2021/04/16
+
+* feat: support External Services with original hostname and port (built-in DNS)
+ [#1807](https://github.com//kumahq/kuma/pull/1807) [#1811](https://github.com//kumahq/kuma/pull/1811) [#1817](https://github.com//kumahq/kuma/pull/1817) [#1812](https://github.com//kumahq/kuma/pull/1812) [#1821](https://github.com//kumahq/kuma/pull/1821) [#1824](https://github.com//kumahq/kuma/pull/1824) [#1828](https://github.com//kumahq/kuma/pull/1828) [#1822](https://github.com//kumahq/kuma/pull/1822)
+* fix: pass validation of V3 specific configs in ProxyTemplate [#1819](https://github.com//kumahq/kuma/pull/1819)
+* chore: support ingress annotations (kuma.io/ingress-public-address and kuma.io/ingress-public-port) in HELM [#1796](https://github.com//kumahq/kuma/pull/1796)
+
+
+## 1.1.2
+> Released on 2021/04/09
+
+* feat: extend CircuitBreaker policy with Thresholds [#1688](https://github.com//kumahq/kuma/pull/1688)
+* feat: enable IPv6 support and tests [#1726](https://github.com//kumahq/kuma/pull/1726) [#1734](https://github.com//kumahq/kuma/pull/1734)
+* feat: unuversal mode transparent-proxy firewalld support [#1702](https://github.com//kumahq/kuma/pull/1702)
+* feat: new Grafana charts for golden signals and L7 metrics [#1739](https://github.com//kumahq/kuma/pull/1739) [#1786](https://github.com//kumahq/kuma/pull/1786)
+* chore: verify e2e tests run in EKS [#1684](https://github.com//kumahq/kuma/pull/1684) [#1685](https://github.com//kumahq/kuma/pull/1685) [#1744](https://github.com//kumahq/kuma/pull/1744)
+* chore: upgrade CRDS to apiextensions.k8s.io/v1 [#1108](https://github.com//kumahq/kuma/pull/1108)
+* fix: helm cp service annotations [#1767](https://github.com//kumahq/kuma/pull/1767)
+ 👍contributed by nbrink91
+* fix: gui fixes
[#1773](https://github.com//kumahq/kuma/pull/1773)
+* fix: KDS may delete ConfigMaps on Control Plane restarts [#1769](https://github.com//kumahq/kuma/pull/1769)
+* fix: Kuma CP restart may cause stale Envoy configs on Universal [#1749](https://github.com//kumahq/kuma/pull/1749)
+* fix: use EnvoyGRPC to fix DNS resolving [#1740](https://github.com//kumahq/kuma/pull/1740)
+* fix: fix ingress-enabled [#1725](https://github.com//kumahq/kuma/pull/1725)
+* fix: pick HTTP health checker version depending on outbound's protocol [#1714](https://github.com//kumahq/kuma/pull/1714)
+* fix: improve the DNS server bind message [#1701](https://github.com//kumahq/kuma/pull/1701)
+* fix: validate --name and --mesh when dataplane is provided [#1771](https://github.com//kumahq/kuma/pull/1771)
+* fix: better error messages when there is problem with pod dataplane convertion [#1743](https://github.com//kumahq/kuma/pull/1743)
+* fix: crashes under load [#1694](https://github.com//kumahq/kuma/pull/1694) [#1695](https://github.com//kumahq/kuma/pull/1695)
+
+## 1.1.1
+> Released on 2021/03/11
+
+* fix: make sure we enumerate all types in kumactl [#1673](https://github.com//kumahq/kuma/pull/1673)
+* fix: annnotate service with ingress that has no annotations [#1671](https://github.com//kumahq/kuma/pull/1671)
+* fix: improve err message if $HOME is not defined [#1664](https://github.com//kumahq/kuma/pull/1664)
+* feat: zipkin config add shared span context option [#1660](https://github.com//kumahq/kuma/pull/1660)
+ 👍contributed by @ericmustin
+* feat: get rid of 'changed' check [#1663](https://github.com//kumahq/kuma/pull/1663)
diff --git a/app/assets/raw/UPGRADE.md b/app/assets/raw/UPGRADE.md
new file mode 100644
index 000000000..a22c16452
--- /dev/null
+++ b/app/assets/raw/UPGRADE.md
@@ -0,0 +1,1135 @@
+This document guides you through the process of upgrading `Kuma`.
+
+First, check if a section named `Upgrade to x.y.z` exists,
+with `x.y.z` being the version you are planning to upgrade to.
+
+If such a section does not exist, the upgrade you want to perform
+does not have any particular instructions.
+
+## Upgrade to `2.6.x`
+
+### Unifying Default Connection Timeout Values
+
+To simplify configuration and provide a more consistent user experience, we've unified the default connection timeout values. When no `MeshTimeout` or `Timeout` policy is specified, the connection timeout will now be the same as the default `connectTimeout` values for `MeshTimeout` and `Timeout` policies. This value is now `5s`, which is a decrease from the previous default of `10s`.
+
+The connection timeout specifies the amount of time Envoy will wait for an upstream TCP connection to be established.
+
+The only users who need to take action are those who are explicitly relying on the previous default connection timeout value of `10s`. These users will need to create a new `MeshTimeout` policy with the appropriate `connectTimeout` value to maintain their desired behavior.
+
+We encourage all users to review their configuration, but we do not anticipate that this change will require any action for most users.
+
+## Upgrade to `2.5.x`
+
+### Transparent-proxy and CNI v1 removal
+
+v2 has been default since 2.2.x. We are therefore removing v1.
+
+### Deprecated argument to transparent-proxy
+
+Parameters `--exclude-outbound-tcp-ports-for-uids` and `--exclude-outbound-udp-ports-for-uids` are now merged into `--exclude-outbound-ports-for-uids` for `kumactl install transparent-proxy`.
+We've also added the matching Kubernetes annotation: `traffic.kuma.io/exclude-outbound-ports-for-uids`.
+The previous versions will still work but will be removed in the future.
+
+### More strict validation rules for resource names
+
+In order to be compatible with Kubernetes naming policy we updated the validation rules. Old rule:
+
+> Valid characters are numbers, lowercase latin letters and '-', '_' symbols.
+
+New rule:
+
+> A lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
+
+New rule is applied for CREATE operations. The old rule is still applied for UPDATE, but this is going to change in Kuma 2.7.x or later.
+
+### API
+
+#### overview API coherency
+
+These endpoints are getting replaced to achieve more coherency on the API:
+
+- `/meshes/{mesh}/zoneegressoverviews` moves to `/meshes/{mesh}/zoneegresses/_overview`
+- `/meshes/{mesh}/zoneingresses+insights` moves to `/meshes/{mesh}/zone-ingresses/_overview`
+- `/meshes/{mesh}/dataplanes+insights` moves to `/meshes/{mesh}/dataplanes/_overview`
+- `/zones+insights` moves to `/zones/_overview`
+
+While you can use the old API they will be removed in a future version
+
+### Prometheus inbound listener is not secured by TrafficPermission anymore
+
+Due to the shadowing [issue](https://github.com/kumahq/kuma/issues/2417) with old TrafficPermission it was quite impossible to protect Prometheus inbound listener as expected.
+RBAC rules on the Prometheus inbound listener were blocking users from fully migrate to the new MeshTrafficPermission policy.
+That's why we decided to discontinue TrafficPermission support on the Prometheus inbound listener starting 2.5.x.
+
+### Gateway API
+
+We support `v1` resources and `v1.0.0` of `gateway-api`. `v1beta1` resources are
+still supported but support for these WILL be removed in a future release.
+
+### KDS Delta enabled by default
+
+KDS Delta is enabled by default. You can fallback to SOTW KDS by setting `KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED=false`.
+As a side effect, on kubernetes policies synced will be persisted in the `kuma-system` namespace instead of `default`.
+
+## Upgrade to `2.4.x`
+
+### Configuration change
+
+The configuration: `Metrics.Mesh.MinResyncTimeout` and `Metrics.Mesh.MaxResyncTimeout` are replaced by `Metrics.Mesh.MinResyncInterval` and `Metrics.Mesh.FullResyncInterval`.
+You can still use the current configs but it will be removed in the future.
+
+### **Breaking changes**
+
+#### Removal of service field in Dataplane outbound
+
+After a period of depreciation, the service field in now removed. The service name is only defined by the value of `kuma.io/service` in the outbound tags field.
+
+## Upgrade to `2.3.x`
+
+### **Breaking changes**
+
+#### `MeshHTTPRoute`
+
+* Changed path match `type` from `Prefix` to `PathPrefix`
+
+#### `MeshAccessLog`
+
+* Added a new field `Type` for `Backend` as a [Discriminator Field](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1027-api-unions/README.md#discriminator-field)
+* Added a new field `Type` for `Format` as a [Discriminator Field](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1027-api-unions/README.md#discriminator-field)
+
+#### `MeshTrace`
+
+* Added a new field `Type` for `Backend` as a [Discriminator Field](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1027-api-unions/README.md#discriminator-field)
+
+#### `kumactl` container image
+
+* Changed image's entrypoint to `/usr/bin/kumactl`
+
+This change was introduced to be consistent with `kuma-cp` and `kuma-dp` images,
+where names of images refer to binaries set in entrypoint.
+
+Example valid before:
+```sh
+docker run kumahq/kumactl:2.2.1 kumactl install transparent-proxy --help
+```
+
+Equivalent example valid now:
+```sh
+docker run kumahq/kumactl:2.3.0 install transparent-proxy --help
+```
+
+#### TLS verification between Zone CP and Global CP
+
+If the CA used to sign the Global CP sync server is not provided to a Zone CP (HELM `controlPlane.tls.kdsZoneClient`, ENV: `KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE`), and the certificate is signed by a CA that is not included in the system's CA bundle on the Zone CP machine, you must do one of the following:
+* Provide the CA to the Zone CP, see https://kuma.io/docs/2.2.x/production/secure-deployment/certificates/#control-plane-to-control-plane-multizone .
+* Configure Zone CP. Set `KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY` or HELM value of `controlPlane.tls.kdsZoneClient.skipVerify` to `true`.
+
+#### Removal of Common Name from generated certificates
+
+This only affects users who rely on generated certificates having a common name set.
+
+* `kumactl generate tls-certificate` generates certificates without CN
+* autogenerated TLS certificate for kuma-cp (when `general.tlsCertFile` is not provided) won't have CN
+
+## Upgrade to `2.2.x`
+
+### Universal
+
+#### CentOS 7
+
+We are dropping support for running Envoy on CentOS 7 with this release and will
+not release CentOS 7 compatible Envoy builds.
+
+#### Changed default postgres driver to pgx
+
+- If you encounter any problems with the persistence layer please [submit an issue](https://github.com/kumahq/kuma/issues/new) and temporarily switch to the previous driver (`lib/pq`) by setting
+`DriverName=postgres` configuration option or `KUMA_STORE_POSTGRES_DRIVER_NAME='postgres'` env variable.
+- Several configuration settings are not supported by the new driver right now, if used to configure them please try running with new defaults or [submit an issue](https://github.com/kumahq/kuma/issues/new).
+List of unsupported configuration options:
+ - MaxIdleConnections (used in store)
+ - MinReconnectInterval (used in events listener)
+ - MaxReconnectInterval (used in events listener)
+
+#### Longer name of the resource in postgres
+
+Kuma now permits the creation of a resource with a name of up to 253 characters, which is an increase from the previous limit of 100 characters. This adjustment brings our system in line with the naming convention supported by Kubernetes.
+This change requires to run `kuma-cp migrate up` to apply changes to the postgres database.
+
+### K8s
+
+#### Removed deprecated annotations
+
+- `kuma.io/builtindns` and `kuma.io/builtindnsport` are removed in favour of `kuma.io/builtin-dns` and `kuma.io/builtin-dns-port` introduced in 1.8.0. If you are using the legacy CNI you main need to set these old annotations manually in your pod definition.
+- `kuma.io/sidecar-injection` is no longer supported as an annotation, you should use it as a label.
+
+#### Helm
+
+All containers now have defaults for `resources.requests.{cpu,memory}` and `resources.limits.{memory}`.
+There are new default values for `*.podSecurityContext` and `*.containerSecurityContext`, see `values.yaml`.
+
+#### Gateway API
+
+We now support version `v0.6.0` of the Gateway API. See the [upstream API
+changes](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.6.0) for
+more info.
+
+### Auth configuration of DP server in Kuma CP
+
+`dpServer.auth` configuration of Kuma CP was deprecated. You can still set config in this section, but it will be removed in the future.
+It's recommended to migrate to `dpServer.authn` if you explicitly set any of the configuration in this config section.
+* `dpServer.auth.type` is now split into two: `dpServer.authn.dpProxy.type` and `dpServer.authn.zoneProxy.type` and is still autoconfigured based on the environment.
+* `dpServer.auth.useTokenPath` is now `dpServer.authn.enableReloadableTokens`
+
+### Transparent Proxy Engine v2 and CNI v2 as default
+
+As they matured, in the upcoming release Kuma will by default use transparent
+proxy engine v2 and CNI v2.
+
+If you want to still use v1 versions of these components, you will have to install
+Kuma with provided `legacy.transparentProxy=true` or `legacy.cni.enabled=true`
+options.
+
+#### Examples
+
+##### CNI
+
+*Helm*
+
+```sh
+helm upgrade --install --create-namespace --namespace kuma-system \
+ --set "legacy.cni.enabled=true" \
+ --set "cni.enabled=true" \
+ --set "cni.chained=true" \
+ --set "cni.netDir=/etc/cni/net.d" \
+ --set "cni.binDir=/opt/cni/bin" \
+ --set "cni.confName=10-calico.conflist"
+ kuma kuma/kuma
+```
+
+*kumactl*
+
+```sh
+kumactl install control-plane \
+ --set "legacy.cni.enabled=true" \
+ --set "cni.enabled=true" \
+ --set "cni.chained=true" \
+ --set "cni.netDir=/etc/cni/net.d" \
+ --set "cni.binDir=/opt/cni/bin" \
+ --set "cni.confName=10-calico.conflist" \
+ | kubectl apply -f-
+```
+
+##### Transparent Proxy Engine
+
+*Helm*
+
+```sh
+helm upgrade --install --create-namespace --namespace kuma-system \
+ --set "legacy.transparentProxy=true" kuma kuma/kuma
+```
+
+*kumactl*
+
+```sh
+kumactl install control-plane --set "legacy.transparentProxy=true" | kubectl apply -f-
+```
+
+### Removal of deprecated options to reach applications bound to `localhost`
+
+The deprecated options `KUMA_DEFAULTS_ENABLE_LOCALHOST_INBOUND_CLUSTERS` and
+`defaults.enableLocalhostInboundClusters` were removed.
+
+This change affects only applications using transparent proxy.
+
+Applications that are binding to `localhost` won't be reachable anymore.
+This is the default behaviour from Kuma 1.8.0.
Until now, it was possible to set
+a deprecated kuma-cp configurations `KUMA_DEFAULTS_ENABLE_LOCALHOST_INBOUND_CLUSTERS`
+or `defaults.enableLocalhostInboundClusters` to `true`, which was allowing to
+still reach these applications.
+
+One of the options to upgrade change address which the application is
+listening on, to `0.0.0.0`.
+Other option is to define `dataplane.networking.inbound[].serviceAddress`
+to the address which service is binding to.
+
+## Upgrade to `2.1.x`
+
+### **Breaking changes**
+
+#### **Naming Serviceless dataplanes has changed**
+
+Currently, the `kuma.io/service` value of the inbound of a `Dataplane` generated for a `Pod` without a `Service` is based on the `Pod` name. The Kuma CP takes the pod's name and removes 2 last elements after splitting by `-`. This behavior is correct when the `Pod` is owned by a `Deployment` or `CronJob` but not for other owner kinds. Kuma will now use the name of the owner resource as the `kuma.io/service` value.
+Before upgrade:
+1. Identify all `Service`less `Pods` that are not managed by a `Deployment` or `CronJob`.
+2. Create copies of policies that were created for the services corresponding to these `Pods`. The `kuma.io/service` value is the name of the owner resource. If there is no owner, `Kuma` uses the `Pod`'s name.
+
+This breaking change is required to provide correct naming. The previous behavior could produce the same `kuma.io/service` value of the inbound of a `Dataplane` for many different serviceless Dataplanes.
+
+#### MeshTrafficPermission
+
+Action value have switched to PascalCase. ALLOW is Allow, DENY is Deny and ALLOW_WITH_SHADOW_DENY is AllowWithShadowDeny.
+
+### HTTP api
+
+We've removed the deprecated endpoint `POST /tokens`, use the `POST /tokens/dataplane` endpoint instead (same request and response).
+Make sure you are using a recent `kumactl` or that you use the right path if using the API directly to upgrade with no issues.
+
+### Kubernetes
+
+The sidecar container is always injected first (since [#5436](https://github.com/kumahq/kuma/pull/5436)). This should only impact you when modifying the sidecar container with a container-patch. If you do so, upgrade Kuma and then change your container patch to modify the right container.
+
+This version changes the leader election mechanism from leader for life to the more robust leader with lease.
+As the result, during the upgrade you may have two leaders in the cluster.
+This should not impact the system in any significant way other than logs like `resource was already updated`.
+
+### Kumactl
+
+`--valid-for` must be set for all token types, before it was defaulting to 10 years.
+
+## Upgrade to `2.0.x`
+
+### Built-in gateway
+
+If you're using the `PREFIX` path match for `MeshGatewayRoute`,
+note that validation is now stricter.
+If you try to update an existing `MeshGatewayRoute` or create a new one,
+make sure your `PREFIX` matching `value` does not include a trailing slash.
+All prefix matches are checked path-separated,
+meaning that `/prefix` only matches
+if the request's path is `/prefix` or begins with `/prefix/`.
+This has always been the case,
+so no behavior has been changed
+and existing resources with a trailing slash are not affected.
+
+### Universal
+
+A `lib/pq` change enables SNI by default when connecting to Postgres over TLS.
+Either make sure your certificates contain a valid CN or SANs for the hostname
+you're using
+or update to `2.0.1` and disable `sslsni` by setting the
+`KUMA_STORE_POSTGRES_TLS_DISABLE_SSLSNI` environment variable or
+`store.postgres.tls.disableSSLSNI` in the config to `true`.
+
+### `kuma-prometheus-sd`
+
+This component has been removed
+after [a long period of deprecation](https://github.com/kumahq/kuma/issues/2851).
+
+### Zone Ingress Token migration
+
+This is only relevant to Multizone deployment with Universal zones.
+Zone Token that was previously used for authenticating Zone Egress, can now be used to authenticate Zone Ingress.
+Please regenerate Zone Ingress token using `kumactl generate zone-token --scope=ingress`.
+For the time being you can still use the old Zone Ingress token and Zone Token with scope ingress.
+However, Zone Ingress Token is now deprecated and will be removed in the future.
+
+### Helm
+
+`ingress.annotations` and `egress.annotations` are deprecated in favour of `ingress.podAnnotations` and `egress.podAnnotations` which is a better name and aligne with the existing `controlPlane.podAnnoations`.
+
+
+### Kuma-cp
+
+- By default, the minimum TLS version allowed on servers is TLSv1.2. If you require using TLS < 1.2 you can set `KUMA_GENERAL_TLS_MIN_VERSION`.
+- `KUMA_MONITORING_ASSIGNMENT_SERVER_GRPC_PORT` was removed after a long deprecation period use `KUMA_MONITORING_ASSIGNMENT_SERVER_PORT` instead.
+
+### gRPC metrics
+
+With this release, emitting separate statistics for every gRPC method is disabled.
+gRPC metrics from different methods are now aggregated under `envoy_cluster_grpc_request_message_count`.
+It will be re-enabled again in the future once Envoy with [`replace_dots_in_grpc_service_name`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/grpc_stats/v3/config.proto#envoy-v3-api-field-extensions-filters-http-grpc-stats-v3-filterconfig-stats-for-all-methods) feature is released.
+If you need to enable this setting, you can use ProxyTemplate to patch `envoy.filters.http.grpc_stats` http filter.
+
+## Upgrade to `1.8.x`
+
+### Kumactl
+
+* `kumactl inspect dataplane --config-dump` was deprecated in favour of `kumactl inspect dataplane --type config-dump`. The behaviour of the new flag is unchanged but you should migrate.
+* `kumactl install transparent-proxy --skip-resolv-conf` was deprecated as there's no reason for us to update the `/etc/resolv.conf` of the user.
+* `kumactl install transparent-proxy --kuma-cp-ip` was removed as it's not possible to run a DNS server on the cp.
+
+### Helm
+
+* Under `cni.image`, the default values for `repository` and `registry` have been
+changed to agree with the other `image` values.
+
+### CP
+
+* The `/versions` endpoint was removed. This is not something that was reliable enough and version compatibility
+is checked inside the DP
+* We are deprecating `kuma.io/builtindns` and `kuma.io/builtindnsport` annotations in favour of the clearer `kuma.io/builtin-dns` and `kuma.io/builtin-dns-port`. The behavior of the new annotations is unchanged but you should migrate (a warning is present on the log if you are using the deprecated version).
+* By default, applications binding to `localhost` are not reachable anymore. A `Dataplane` inbound's default `serviceAddress` is now the inbound's `address`. Before upgrade, if you have applications listening on `localhost` that you want to expose on:
+ * Kubernetes: listen on `0.0.0.0` instead
+ * Universal: listen on `inbound.address` instead or set `dataplane.networking.inbound[].serviceAddress: "127.0.0.1"`
+To make migration easier you can temporarily disable this new behavior by setting `KUMA_DEFAULTS_ENABLE_LOCALHOST_INBOUND_CLUSTERS=true` on `kuma-cp`, this option will be removed in a future version.
+
+## Upgrade to `1.7.x`
+
+### Kumactl
+
+* We're deprecating `kumactl install metrics/tracing/logging`, please use `kumactl install observability` instead
+
+### DNS
+
+The `control-plane` no longer hosts a builtin DNS server. You should always rely on the embedded DNS in the dataplane proxy and VIPs can't be used without transparent proxy.
+
+### Timeout policy
+
+'grpc' section is deprecated.
+Timeouts for HTTP, HTTP2 and GRPC should be set in 'http' section:
+
+```yaml
+tcp:
+ idleTimeout: 1h
+http: # http, http2, grpc
+ requestTimeout: 15s
+ idleTimeout: 1h
+ streamIdleTimeout: 30m
+ maxStreamDuration: 0s
+grpc: # DEPRECATED
+ streamIdleTimeout: 30m # DEPRECATED, use 'http.streamIdleTimeout'
+ maxStreamDuration: 0s # DEPRECATED, use 'http.maxStreamDuration'
+```
+
+## Upgrade to `1.6.x`
+
+### Helm
+
+* the Helm chart for this release requires at least Helm version `3.8.0`.
+* `controlPlane.resources` is now on object instead of a string. Any existing value should be adapted accordingly.
+
+### Zone egress and ExternalService
+
+When an `ExternalService` has the tag `kuma.io/zone` and `ZoneEgress` is enabled then the request flow will be different after upgrading Kuma to the newest version.
+Previously, the request to the `ExternalService` goes through the `ZoneEgress` in the current zone. The newest version flow is different, and when `ExternalService` is defined in a different zone then the request will go through local `ZoneEgress` to `ZoneIngress` in zone where `ExternalService` is defined and leave the cluster through `ZoneEgress` in this cluster. To keep previous behavior, remove the `kuma.io/zone` tag from the `ExternalService` definition.
+
+### Zone egress
+
+Previously, when mTLS was configured and `ZoneEgress` deployed, requests were routed automatically through `ZoneEgress`. Now it's required to
+explicitly set that traffic should be routed through `ZoneEgress` by setting `Mesh` configuration property `routing.zoneEgress: true`. The
+default value of the property is set to `false` so in case your network policies don't allow you to reach other external services/zone without
+using `ZoneEgress`, set `routing.zoneEgress: true`.
+
+```yaml
+type: Mesh
+name: default
+mtls: # mTLS is required for zoneEgress
+ [...]
+routing:
+ zoneEgress: true
+```
+
+The new approach changes the flow of requests to external services.
Previously when there was no instance of `ZoneEgress` traffic was routed
+directly to the destination, now it won't reach the destination.
+
+### Gateway (experimental)
+
+Previously, a `MeshGatewayInstance` generated a `Deployment` and `Service` whose
+names ended with a unique suffix. With this release, those objects will have the
+same name as the `MeshGatewayInstance`.
+
+### Inspect API
+
+In connection with the changes around `MeshGateway` and `MeshGatewayRoute`, the output
+schema of the `//dataplanes` has changed. Every policy can
+now affect both normal `Dataplane`s and `Dataplane`s configured as builtin gateways.
+The configuration for the latter type is done via `MeshGateway` resources.
+
+Every item in the `items` array now has a `kind` property of either:
+
+* `SidecarDataplane`: a normal `Dataplane` with outbounds, inbounds,
+ etc.
+* `MeshGatewayDataplane`: a `MeshGateway`-configured `Dataplane` with a new
+ structure representing the `MeshGateway` it serves.
+
+Some examples can be found in the [Inspect API
+docs](https://kuma.io/docs/1.6.x/documentation/http-api/#inspect-api).
+
+## Upgrade to `1.5.x`
+
+### Any type
+
+The `kuma.metrics.dataplane.enabled` and `kuma.metrics.zone.enabled` configurations have been removed.
+
+Kuma always generate the corresponding metrics.
+
+### Kubernetes
+
+- Please migrate your `kuma.io/sidecar-injection` annotations to labels.
+ The new version still supports annotation, but to have a guarantee that applications can only start with sidecar, you must use label instead of annotation.
+- Configuration parameter `kuma.runtime.kubernetes.injector.sidecarContainer.adminPort` and environment variable `KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ADMIN_PORT`
+ have been deprecated in favor of `kuma.bootstrapServer.params.adminPort` and `KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT`.
+
+### Universal
+
+- We removed support for old Ingress (`Dataplane#networking.ingress`) from pre 1.2 days.
+ If you are still using it, please migrate to `ZoneIngress` first (see `Upgrade to 1.2.0` section).
+- You can't use 0.0.0.0 or :: in `networking.address` most of the time using loopback is what people intended.
+- Kuma DP flag `--admin-port` and environment variable `KUMA_DATAPLANE_ADMIN_PORT` have been deprecated,
+ admin port should be specified in Dataplane or ZoneIngress resources.
+
+## Upgrade to `1.4.0`
+
+Starting with this version, the default API server authentication method is user
+tokens. In order to continue using client certificates (the previous default
+method), you'll need to explicitly set the authentication method to client
+certificates. This can be done by setting the `KUMA_API_SERVER_AUTHN_TYPE` variable to
+`"clientCerts"`.
+
+See [Configuration - Control plane](https://kuma.io/docs/1.3.1/documentation/configuration/#control-plane)
+for how to set this variable.
+
+## Upgrade to `1.3.0`
+
+Starting with this version `Mesh` resource will limit the maximal number of mtls backends to 1, so please make sure your `Mesh` has correct backend applied before the upgrade.
+
+Outbound generated internally are no longer listed in `dataplane.network.outbound[]`. For Kubernetes, they will automatically disappear. For universal to remove them you should recreate your dataplane resources (either with `kumactl apply` or by restarting your services if the dataplanes lifecycle is managed by Kuma).
+
+Kuma 1.3.0 has additional mechanism for tracking data plane proxies and zone statuses in a more reliable way. This mechanism works as a heartbeat and periodically increments the `generation` counter for the Insights. If the overall time for upgrading all Kuma CP instances is more than 5 minutes, then some data plane proxies or zones may become Offline in the GUI, but this doesn't affect real connectivity, only view. This unwanted effect will disappear as soon as all Kuma CP instances will be upgraded to 1.3.0.
+
+## Upgrade to `1.2.1`
+
+When Global is upgraded to `1.2.1` and Zone CP is still `1.2.0`, ZoneIngresses will always be listed as offline.
+After Zone CPs are upgraded to `1.2.1`, the status will work again. ZoneIngress status does not affect cross-zone traffic.
+
+## Upgrade to `1.2.0`
+
+One of the changes introduced by Kuma 1.2.0 is renaming `Remote Control Planes` to `Zone Control Planes` and `Dataplane Ingress` to `Zone Ingress`.
+We think this change makes the naming more consistent with the rest of the application and also removes some of unnecessary confusion.
+
+As a result of this renaming, some values and arguments in multizone/kubernetes environment changed. You can read below more.
+
+### Upgrading with `kumactl` on Kubernetes
+
+1. Changes in arguments/flags for `kumactl install control-plane`
+
+ * `--mode` accepts now values: `standalone`, `zone` and `global` (`remote` changed to `zone`)
+
+ * `--tls-kds-remote-client-secret` flag was renamed to `--tls-kds-zone-client-secret`
+
+2. Service `kuma-global-remote-sync` changed to `kuma-global-zone-sync` so after upgrading `global` control plane you have to manually remote old service. For example:
+
+ ```sh
+ kubectl delete -n kuma-system service/kuma-global-remote-sync
+ ```
+
+ Hint: It's worth to remember that often at this point the IP address/hostname which is used as a KDS address when installing Kuma Zone Control Planes will change. Make sure that you update the address when upgrading the Remote CPs to the newest version.
+
+### Upgrading with `helm` on Kubernetes
+
+Changes in values in Kuma's HELM chart
+
+* `controlPlane.mode` accepts now values: `standalone`, `zone` and `global` (`remote` changed to `zone`)
+
+* `controlPlane.globalRemoteSyncService` was renamed to `controlPlane.globalZoneSyncService`
+
+* `controlPlane.tls.kdsRemoteClient` was renamed to `controlPlane.tls.kdsZoneClient`
+
+### Suggested Upgrade Path on Universal
+
+1.
Zone Control Planes should be started using new environment variables
+
+ * `KUMA_MODE` accepts now values: `standalone`, `zone` and `global` (`remote` changed to `zone`)
+
+ Old:
+ ```sh
+ KUMA_MODE="remote" [...] kuma-cp run
+ ```
+
+ New:
+ ```sh
+ KUMA_MODE="zone" [...] kuma-cp run
+ ```
+
+ * `KUMA_MULTIZONE_REMOTE_ZONE` was renamed to `KUMA_MULTIZONE_ZONE_NAME`
+
+ Old:
+ ```sh
+ KUMA_MULTIZONE_REMOTE_ZONE="remote-1" [...] kuma-cp run
+ ```
+
+ New:
+ ```sh
+ KUMA_MULTIZONE_ZONE_NAME="remote-1" [...] kuma-cp run
+ ```
+
+ * `KUMA_MULTIZONE_REMOTE_GLOBAL_ADDRESS` was renamed to `KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS`
+
+ Old:
+ ```sh
+ KUMA_MULTIZONE_REMOTE_GLOBAL_ADDRESS="grpcs://localhost:5685" [...] kuma-cp run
+ ```
+
+ New:
+ ```sh
+ KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS="grpcs://localhost:5685" [...] kuma-cp run
+ ```
+
+ * `KUMA_MULTIZONE_REMOTE_KDS_ROOT_CA_FILE` was renamed to `KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE`
+
+ Old:
+ ```sh
+ KUMA_MULTIZONE_REMOTE_KDS_ROOT_CA_FILE="/rootCa" [...] kuma-cp run
+ ```
+
+ New:
+ ```sh
+ KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE="/rootCa" [...] kuma-cp run
+ ```
+
+ * `KUMA_MULTIZONE_REMOTE_KDS_ROOT_CA_FILE` was renamed to `KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE`
+
+ Old:
+ ```sh
+ KUMA_MULTIZONE_REMOTE_KDS_REFRESH_INTERVAL="9s" [...] kuma-cp run
+ ```
+
+ New:
+ ```sh
+ KUMA_MULTIZONE_ZONE_KDS_REFRESH_INTERVAL="9s" [...] kuma-cp run
+ ```
+
+2. Dataplane Ingress resource should be replaced with ZoneIngress resource:
+
+ Old:
+ ```yaml
+ type: Dataplane
+ name: dp-ingress
+ mesh: default
+ networking:
+ address:
+ ingress:
+ publicAddress:
+ publicPort:
+ inbound:
+ - port:
+ tags:
+ kuma.io/service: ingress
+ ```
+
+ New:
+ ```yaml
+ type: ZoneIngress
+ name: zone-ingress
+ networking:
+ address:
+ port:
+ advertisedAddress:
+ advertisedPort:
+ ```
+
+ NOTE: ZoneIngress resource is a global scoped resource, it's not bound to a Mesh
+ The old Dataplane resource is still supported but it's considered deprecated and will be removed in the next major version of Kuma
+
+
+3. Since ZoneIngress resource is not bound to a Mesh, it requires another token type that is bound to a Zone:
+
+ ```shell
+ kumactl generate zone-ingress-token --zone=zone-1 > /tmp/zone-ingress-token
+ ```
+
+4. `kuma-dp run` command should be updated with a new flag `--proxy-type=ingress`:
+
+ ```sh
+ kuma-dp run \
+ --proxy-type=ingress \
+ --dataplane-token-file=/tmp/zone-ingress-token \
+ --dataplane-file=zone-ingress.yaml
+ ```
+
+
+## Upgrade to `1.1.0`
+
+The major change in this release is the migration to XDSv3 for the `kuma-cp` to `envoy` data plane proxy communication. The
+previous XDSv2 is still available and will continue working. All the existing data plane proxies will still use XDSv2 until
+being restarted. The newly deployed `kuma-dp` instances will automatically get bootstrapped to XDSv3. In case that needs to be
+changed, `kuma-cp` needs to be started with `KUMA_BOOTSTRAP_SERVER_API_VERSION=v2`.
+
+With Kuma 1.1.0, the `kuma-cp` will installs default [retry](https://kuma.io/docs/1.1.0/policies/retry/) and [timeout](https://kuma.io/docs/1.1.0/policies/timeout/) policies for each new
+created Mesh object. The pre-existing meshes will not automatically get these default policies. If needed, they should be created accordingly.
+
+This version removes the deprecated `--dataplane` flag in `kumactl generate dataplane-token`, please consider migrating to use `--name` instead.
+
+## Upgrade to `1.0.0`
+
+This release introduces a number of breaking changes. If Kuma is being deployed in production we strongly suggest to backup the current configuration, tear down the whole cluster and zones, and install in a clean setup. However, we enumerate the details of these changes below.
+
+### Suggested Upgrade Path on Kubernetes
+ * Drop k8s 1.13 support
+
+ Take this into account if you run Kuma on an old Kubernetes version.
+
+ * `kumactl` merged `install ingress` into `install control-plane`
+
+ This change impacts any deployment pipelines that are based on `kumactl` and are used for multi-zone deployments.
+
+ * Change policies on K8S to scope global
+
+ All the CRDs are now in the global scope, therefore all policies need to be backed up. The relevant CRDs need to be deleted, which will clear all the policies. After the upgrade, you can apply the policies again. We do recommend to keep all the Kuma Control Planes down while doing these operations.
+
+ * Autoconfigure single cert for all services
+
+ Deployment flags for providing TLS certificates in Helm and `kumactl` have changed, refer to the relevant [documentation](https://github.com/kumahq/kuma/blob/release-1.0/deployments/charts/kuma/README.md#values) to verify the new naming.
+
+ * Create default resources for Mesh
+
+ The following default resources will be created upon the first start of Kuma Control Plane
+ - default signing key
+ - default [Allow All traffic permission](https://kuma.io/docs/1.0.0/policies/traffic-permissions/#traffic-permissions) policy `allow-all-`
+ - Default [Allow All traffic route](https://kuma.io/docs/1.0.0/policies/traffic-route/#default-trafficroute) policy `allow-all-`
+
+ Please verify if this conflicts with your deployment and expected policies.
+
+ * New Multizone deployment flow
+
+ Deploying Multizone clusters is now simplified, please refer to the deployment [documentation](https://kuma.io/docs/1.0.0/documentation/deployments/#multi-zone-mode) of the updated procedure.
+
+ * Improved control plane communication security
+
+ Kuma Control Plane exposed ports are reduced, please revise the [documentation](https://kuma.io/docs/1.0.0/documentation/networking/#kuma-cp-ports) for detailed list.
+ Consider reinstalling the metrics due to the port changes in Kuma Prometheus SD.
+
+ * Traffic route format
+
+ The format of the [TrafficRoute](https://kuma.io/docs/1.0.0/policies/traffic-route) has changed. Please check the documentation and adapt your resources.
+
+### Suggested Upgrade Path on Universal
+ * Get rid of advertised hostname
+ `KUMA_GENERAL_ADVERTISED_HOSTNAME` was removed and not needed now.
+
+ * Autoconfigure single cert for all services
+ Deployment flags for providing TLS certificates in Helm and `kumactl` have changed, refer to the [documentation](https://github.com/kumahq/kuma/blob/release-1.0/pkg/config/app/kuma-cp/kuma-cp.defaults.yaml) to verify the new naming.
+
+ * Create default resources for Mesh
+
+ The following default resources will be created upon the first start of Kuma Control Plane
+ - default signing key
+ - default [Allow All traffic permission](https://kuma.io/docs/1.0.0/policies/traffic-permissions/#traffic-permissions) policy `allow-all-`
+ - Default [Allow All traffic route](https://kuma.io/docs/1.0.0/policies/traffic-route/#default-trafficroute) policy `allow-all-`
+
+ Please verify if this conflicts with your deployment and expected policies.
+
+* New Multizone deployment flow
+
+ Deploying Multizone clusters is now simplified, please refer to the deployment [documentation](https://kuma.io/docs/1.0.0/documentation/deployments/#multi-zone-mode) of the updated procedure.
+
+ * Improved control plane communication security
+
+ `kuma-dp` invocation has changed and now [allows](https://kuma.io/docs/1.0.1/documentation/dps-and-data-model/#dataplane-entity) for a more flexible usage leveraging automated, template based Dataplane resource creation, customizable data-plane token boundaries and additional CA ceritficate validation for the Kuma Control plane boostrap server.
+ Kuma Control Plane exposed ports are reduced, please revise the [documentation](https://kuma.io/docs/1.0.0/documentation/networking/#kuma-cp-ports) for detailed list.
+
+ * Traffic route format
+
+ The format of the [TrafficRoute](https://kuma.io/docs/1.0.0/policies/traffic-route) has changed. Please check the documentation and adapt your resources.
+
+
+## Upgrade to `0.7.0`
+Support for `kuma.io/sidecar-injection` annotation. On Kubernetes change the namespace resources that host Kuma mesh services with the aforementioned annotation and delete the label.
+
+Prefix the Kuma built-in tags with `kuma.io/` as follows: `kuma.io/service`, `kuma.io/protocol`, `kuma.io/zone`.
+
+### Suggested Upgrade Path on Kubernetes
+
+Update the applied policy tag selector to include the `kuma.io/` prefix. A sample traffic resource follows:
+
+```yaml
+apiVersion: kuma.io/v1alpha1
+kind: TrafficPermission
+mesh: default
+metadata:
+ namespace: default
+ name: allow-all-traffic
+spec:
+ sources:
+ - match:
+ kuma.io/service: '*'
+ destinations:
+ - match:
+ kuma.io/service: '*'
+```
+
+The Kuma Control Plane will update the relevant Dataplane resources accordingly
+
+### Suggested Upgrade Path on Universal
+
+Update the applied policy tag selector to include the `kuma.io/` prefix. A sample traffic resource follows:
+
+```yaml
+type: TrafficPermission
+name: allow-all-traffic
+mesh: default
+sources:
+ - match:
+ kuma.io/service: '*'
+destinations:
+ - match:
+ kuma.io/service: '*'
+```
+
+Update the dataplane resources with the new tag format as well. Example:
+
+```bash
+echo "type: Dataplane
+mesh: default
+name: redis-1
+networking:
+ address: 192.168.0.1
+ inbound:
+ - port: 9000
+ servicePort: 6379
+ tags:
+ kuma.io/service: redis" | kumactl apply -f -
+```
+
+This release changes the way that Distributed and Hybrid Kuma Control planes are deployed. Please refer to the [documentation](https://kuma.io/docs/0.7.0/documentation/deployments/#usage) for more details.
+
+## Upgrade to `0.6.0`
+
+[Passive Health Check](https://kuma.io/docs/0.5.1/policies/health-check/) were removed in favor of [Circuit Breaking](https://kuma.io/docs/0.6.0/policies/circuit-breaker/).
+
+Format of Active Health Check changed from :
+```yaml
+apiVersion: kuma.io/v1alpha1
+kind: HealthCheck
+mesh: default
+metadata:
+ namespace: default
+ name: web-to-backend-check
+mesh: default
+spec:
+ sources:
+ - match:
+ service: web
+ destinations:
+ - match:
+ service: backend
+ conf:
+ activeChecks:
+ interval: 10s
+ timeout: 2s
+ unhealthyThreshold: 3
+ healthyThreshold: 1
+ passiveChecks:
+ unhealthyThreshold: 3
+ penaltyInterval: 5s
+```
+to
+```yaml
+apiVersion: kuma.io/v1alpha1
+kind: HealthCheck
+mesh: default
+metadata:
+ namespace: default
+ name: web-to-backend-check
+mesh: default
+spec:
+ sources:
+ - match:
+ service: web
+ destinations:
+ - match:
+ service: backend
+ conf:
+ interval: 10s
+ timeout: 2s
+ unhealthyThreshold: 3
+ healthyThreshold: 1
+```
+
+### Suggested Upgrade Path on Kubernetes
+
+In the new Kuma version serivce tag format has been changed. Instead of `backend.kuma-demo.svc:5678` service tag will look like this `backend_kuma-demo_svc_5678`. This is a breaking change and Policies should be updated to be compatible with the new Kuma version.
+
+Please re-install Prometheus via `kubectl install metrics` and make sure that `skipMTLS` is set to `false` or omitted.
+```yaml
+apiVersion: kuma.io/v1alpha1
+kind: Mesh
+metadata:
+ name: default
+spec:
+ metrics:
+ enabledBackend: prometheus-1
+ backends:
+ - name: prometheus-1
+ type: prometheus
+ conf:
+ skipMTLS: false
+```
+
+### Suggested Upgrade Path on Universal
+
+Make sure that `skipMTLS` is set to `true`.
+
+```yaml
+type: Mesh
+name: default
+metrics:
+ enabledBackend: prometheus-1
+ backends:
+ - name: prometheus-1
+ type: prometheus
+ conf:
+ skipMTLS: true
+```
+
+
+## Upgrade to `0.5.0`
+### Suggested Upgrade Path on Kubernetes
+
+#### Mesh resource format changes
+
+The Mesh resource format in Kubernetes changed from
+```yaml
+apiVersion: kuma.io/v1alpha1
+kind: Mesh
+metadata:
+ name: default
+spec:
+ mtls:
+ enabled: true
+ ca:
+ builtin: {}
+ metrics:
+ prometheus: {}
+ logging:
+ backends:
+ - name: file-1
+ file:
+ path: /var/log/access.log
+ tracing:
+ backends:
+ - name: zipkin-1
+ zipkin:
+ url: http://zipkin.local:9411/api/v1/spans
+```
+to
+```yaml
+apiVersion: kuma.io/v1alpha1
+kind: Mesh
+metadata:
+ name: default
+spec:
+ mtls:
+ enabledBackend: ca-1
+ backends:
+ - name: ca-1
+ type: builtin
+ metrics:
+ enabledBackend: prom-1
+ backends:
+ - name: prom-1
+ type: prometheus
+ logging:
+ backends:
+ - name: file-1
+ type: file
+ conf:
+ path: /var/log/access.log
+ tracing:
+ backends:
+ - name: zipkin-1
+ type: zipkin
+ conf:
+ url: http://zipkin.local:9411/api/v1/spans
+```
+
+#### Removing `kuma-injector`
+
+Kuma 0.5.0 ships with `kuma-injector` embedded into the `kuma-cp`, which makes its previously created resources obsolete and potentially
+ can cause problems with the deployments. Before deploying the new version, it is strongly advised to run a cleanup script [kuma-0.5.0-k8s-remove_injector_resources.sh](tools/migrations/0.5.0/kuma-0.5.0-k8s-remove_injector_resources.sh).
+
+ NOTE: if Kuma was deployed in a namespace other than `kuma-system`, please run `export KUMA_SYSTEM= backup.yaml
+ ```
+ 2. Uninstall previous version of `Kuma Control Plane`
+ ```shell
+ # using previous version of `kumactl`
+
+ kumactl install control-plane | kubectl delete -f -
+ ```
+ 3. Install new version of `Kuma Control Plane`
+ ```shell
+ # using new version of `kumactl`
+
+ kumactl install control-plane | kubectl apply -f -
+ ```
+ 4. Re-apply `Kuma` resources back again
+ ```shell
+ kubectl apply -f backup.yaml
+ ```
+
+### Suggested Upgrade Path on Universal
+
+* Those users who used `--dataplane-token-client-cert` and `--dataplane-token-client-key` command line options in the past will have to re-run
+
+ ```
+ kumactl config control-planes add
+ ```
+
+ this time with
+
+ ```shell
+ --admin-client-cert --admin-client-cert --overwrite
+ ```
+* all components of `Kuma Control Plane` - `kuma-cp`, `kuma-dp`, `envoy` - have to be re-deployed